0:00:08.022,0:00:11.012
Ich bin sehr Stolz einen Gast aus den vereinigten Staaten hier auf der [br]2[br]00:00:11,012 --> 00:00:14,086[br]Elevate begrüssen zu dürfen, es ist James Vasile von der Freedom Box Foundation
0:00:14.086,0:00:20.061
James Vasile arbeitet an meheren Projekten
0:00:20.061,0:00:23.056
z.b.Apache, ich denke auch Joomla und viele andere. Er ist auch Anwalt,
0:00:23.056,0:00:31.034
und arbeitet für die Freedom Box Foundation und die Free Software Foundation.
0:00:31.034,0:00:37.089
Er presentiert nun, meiner Meinung nach, eines der illusionärsten Projekte , das ich in Jahren sah.
0:00:37.089,0:00:43.023
wie wir hier sehen können, eine kleine Kiste, die Freedom Box.
0:00:43.023,0:00:48.004
Ja, James wird eine Präsentation geben und dann werden wir
0:00:48.004,0:00:50.029
in einer gesprächsrunde Fragen beantworten.
0:00:50.029,0:00:53.073
so James, es ist deine Bühne.
0:00:53.073,0:00:56.056
Danke Daniel.
0:00:56.056,0:01:03.013
Ich bin jetzt seit ein paar Tagen auf dem Elevate Festival
0:01:03.013,0:01:10.010
Ich besuchte einige Vorlesungen, sah Filme und hörte Musik
0:01:10.010,0:01:15.074
und es ist ein grossartiger Platz wo alle diese Ideen zusammmenkommen.
0:01:15.074,0:01:21.022
Ich möchte mich bei Daniel für die organisation bedanken
0:01:21.022,0:01:23.061
und natürlich auch bei Joseph.
0:01:23.061,0:01:30.034
Im besonderen bei Daniel , der mich dazubewegte hierher zu kommen.
0:01:30.034,0:01:33.048
und ein wirklich toller Gastgeber ist.
0:01:33.048,0:01:36.031
Vielen Dank noch einmal.
0:01:36.031,0:01:42.084
APPLAUS
0:01:42.084,0:01:52.052
lange Zeit zurück, in den Anfängen des Internets
0:01:52.052,0:01:56.065
als wir anfingen das internet zu benutzen um miteinander zu reden,
0:01:56.065,0:02:00.065
Sprachen wir meistens direkt zu den menschen, richtig ?
0:02:00.065,0:02:05.008
Think about how email works, on a technical level
0:02:05.008,0:02:10.000
You take a message, you hand it off to your mail transport agent
0:02:10.000,0:02:14.065
It sends it through a network, directly to the recipient.
0:02:14.065,0:02:16.090
It hops through some other computers, but funadmentally
0:02:16.090,0:02:21.008
you use the network to talk directly to your other computer
0:02:21.008,0:02:26.030
the other computer where the recipient gets his or her mail
0:02:26.030,0:02:30.048
It was a direct communication medium.
0:02:30.048,0:02:33.048
If you're old enough to remember a program called 'talk'
0:02:33.048,0:02:37.017
Talk was the first, sort of, interactive you type, they see it, they type, you see it
0:02:37.017,0:02:40.040
instant message application.
0:02:40.040,0:02:43.007
This again, was direct.
0:02:43.007,0:02:48.020
You would put your, put their name, into your program, and address
0:02:48.020,0:02:51.036
they would put theirs into yours, and you would just talk directly to each other
0:02:51.036,0:02:57.030
You didn't send this message through servers. That centralised technology.
0:02:57.030,0:03:02.009
From there, from those beginnings of talking directly to each other
0:03:02.009,0:03:07.073
we started to build communities, emailing directly to people.
0:03:07.073,0:03:10.070
But that was relatively inefficient.
0:03:10.070,0:03:17.025
Talking directly to people, one-to-one, works very good for one-to-one converstions.
0:03:17.025,0:03:19.050
But as soon as you want a group conversation
0:03:19.050,0:03:21.073
as soon as you want to find people reliably who you haven't
0:03:21.073,0:03:26.077
already set up contacts for, exchanged email addresses and such
0:03:26.077,0:03:28.072
you run into friction, you run into problems
0:03:28.072,0:03:34.001
So the solution to that, was to create more centralised structures
0:03:34.001,0:03:37.089
and we did this with IRC
0:03:37.089,0:03:41.047
IRC is a place where instead of talking directly to the people we're trying to reach
0:03:41.047,0:03:45.021
we take a message, and we send it to an IRC server
0:03:45.021,0:03:46.069
a third party
0:03:46.069,0:03:48.048
and the IRC server then copies that message
0:03:48.048,0:03:51.020
to all the people who we might want to talk to.
0:03:51.020,0:03:54.033
We developed mailing lists, listservs
0:03:54.033,0:03:58.021
And again, this was a way where we would take our message
0:03:58.021,0:03:59.037
and hand it to a third party
0:03:59.037,0:04:03.039
A mail server, that is not us and not the person we're trying to talk to
0:04:03.039,0:04:05.092
and that mail server would then echo our communication to
0:04:05.092,0:04:07.057
all the people we want to talk to
0:04:07.057,0:04:10.038
and this was great, because you didn't have to know the
0:04:10.038,0:04:12.056
addresses of all the people you wanted to talk to
0:04:12.056,0:04:15.037
You could just all 'meet' in a common place
0:04:15.037,0:04:19.052
We all meet in an IRC chatroom, we all meet on a listserv
0:04:19.052,0:04:23.052
And there were a lot of IRC channels, and a lot of IRC servers
0:04:23.052,0:04:25.031
and a lot of mail servers
0:04:25.031,0:04:27.028
all across the internet
0:04:27.028,0:04:28.088
A lot of places to do this communication.
0:04:28.088,0:04:32.046
And if you didn't like the policies or the structures or the technology
0:04:32.046,0:04:34.027
of any one of these service providers
0:04:34.027,0:04:36.050
these IRC servers, or these list servers
0:04:36.050,0:04:38.045
you could just switch, you could choose to run your own.
0:04:38.045,0:04:40.010
It was very simple.
0:04:40.010,0:04:46.097
This infrastructure is not hard to create, it's not hard to run, it's not hard to install.
0:04:46.097,0:04:49.066
And so a lot of people did run, create and install it.
0:04:49.066,0:04:53.008
There were a bunch of IRC servers, there were a bunch of different listserv packages
0:04:53.008,0:04:57.084
But as we've moved forward in time,
0:04:57.084,0:05:01.039
we've started to centralise even more.
0:05:01.039,0:05:05.036
And, you can fast-forward to today
0:05:05.036,0:05:07.045
where we're channeling our communication
0:05:07.045,0:05:10.056
through fewer and fewer places.
0:05:10.056,0:05:13.070
And we are making structures that are more and more central
0:05:13.070,0:05:15.062
and more and more over-arching
0:05:15.062,0:05:20.082
So, from the, the IRC way of talking to each other
0:05:20.082,0:05:25.045
we moved to instant messaging applications.
0:05:25.045,0:05:28.014
AOL Instant Messenger, ICQ,
0:05:28.014,0:05:31.037
those were the early ways to do it
0:05:31.037,0:05:33.029
and there were only a few of them
0:05:33.029,0:05:36.085
MSN had its messaging system, Yahoo had its messaging system
0:05:36.085,0:05:39.038
and when people wanted to talk to each other now,
0:05:39.038,0:05:41.033
they were using third-parties again.
0:05:41.033,0:05:43.014
But they were only using a few third parties.
0:05:43.014,0:05:46.088
And if you wanted to switch providers,
0:05:46.088,0:05:49.041
you would leave almost everyone you knew behind,
0:05:49.041,0:05:51.036
your entire community behind.
0:05:51.036,0:05:53.001
And so it becomes harder to switch.
0:05:53.001,0:05:54.066
There are fewer options
0:05:54.066,0:05:58.009
and the cost of switching leaves more and more people behind
0:05:58.009,0:06:00.076
So you started to have lock-in.
0:06:00.076,0:06:05.052
You started to have people who were chained to their methods of communication
0:06:05.052,0:06:07.087
because the cost of losing your community is too high.
0:06:07.087,0:06:10.012
And so if you don't like the technology, or you don't like the policy
0:06:10.012,0:06:12.007
or you don't like the politics
0:06:12.007,0:06:13.026
or if they're trying to filter you
0:06:13.026,0:06:14.086
or censor you
0:06:14.086,0:06:16.006
you don't have a lot of options.
0:06:16.006,0:06:18.060
The cost of leaving is so high that you might stay.
0:06:18.060,0:06:21.041
People do stay. And they accept it.
0:06:21.041,0:06:25.026
And we went from that small basket of providers of this kind
0:06:25.026,0:06:27.005
of communication technology
0:06:27.005,0:06:29.014
to an even more centralised structure
0:06:29.014,0:06:33.062
where there is effectively only one way to reach all our friends,
0:06:33.062,0:06:36.004
in each mod of communication,
0:06:36.004,0:06:37.050
Facebook.
0:06:37.050,0:06:38.068
And Twitter.
0:06:38.068,0:06:41.040
These two services rule everything.
0:06:41.040,0:06:43.049
And I'm not going to stand here and say Facebook is evil
0:06:43.049,0:06:45.014
and that Twitter is evil
0:06:45.014,0:06:49.004
What I want to say is that having one place
0:06:49.004,0:06:50.064
where we do all our communication
0:06:50.064,0:06:53.017
leaves us at the mercy of the policies of the people
0:06:53.017,0:06:55.054
that control the infrastructure that we are chained to,
0:06:55.054,0:06:57.075
that we are stuck using, that we are locked into.
0:06:57.075,0:07:02.023
You can't leave Facebook without leaving everybody you know
0:07:02.023,0:07:05.064
because everybody you know is on Facebook.
0:07:05.064,0:07:09.052
I was not a Facebook user.
0:07:09.052,0:07:11.017
I was against Facebook.
0:07:11.017,0:07:14.046
I thought it was bad to centralise all our communication in one place.
0:07:14.046,0:07:15.065
I didn't like the privacy implications,
0:07:15.065,0:07:18.020
I didn't like Facebook's censorship
0:07:18.020,0:07:21.078
of things like pictures of nursing mothers.
0:07:21.078,0:07:22.096
I don't think that kind of thing is obscene,
0:07:22.096,0:07:25.049
and I don't think Facebook should have the ability to tell us
0:07:25.049,0:07:27.056
what we can share with our friends.
0:07:27.056,0:07:29.007
So I thought those were bad policies,
0:07:29.007,0:07:32.046
and I reacted to that by not joining Facebook. For years.
0:07:32.046,0:07:35.057
All my friends were on Facebook.
0:07:35.057,0:07:41.068
I joined Facebook late last year. November.
0:07:41.068,0:07:48.020
Because in November, a friend of mine passed away.
0:07:48.020,0:07:50.001
His name was Chuck. He was a brilliant man.
0:07:50.001,0:07:55.024
And he lived a lot of his life online.
0:07:55.024,0:07:58.021
He was on Facebook, and he shared things with friends on Facebook.
0:07:58.021,0:08:01.007
When he passed away I realised I hadn't communicated with him in a while,
0:08:01.007,0:08:02.072
I hadn't really talked to him in a while.
0:08:02.072,0:08:05.055
And the reason I hadn't was because I wasn't
0:08:05.055,0:08:08.008
communicating with him in the place he communicates.
0:08:08.008,0:08:10.003
I wasn't meeting him where he was, I wasn't on Facebook.
0:08:10.003,0:08:12.040
I was missing out on something huge.
0:08:12.040,0:08:15.065
That's the cost of not being there.
0:08:15.065,0:08:17.044
And so I joined.
0:08:17.044,0:08:19.036
Because I decided that as strong as my beliefs were,
0:08:19.036,0:08:21.029
it was more important to me to be there with my friends and
0:08:21.029,0:08:23.008
to talk to my friends.
0:08:23.008,0:08:24.056
That's the power of lock-in.
0:08:24.056,0:08:27.024
Me, a person who cares, as much as I do,
0:08:27.024,0:08:31.004
who cares enough about these issues that I do something like this
0:08:31.004,0:08:32.097
I got locked into Facebook. I'm there now.
0:08:32.097,0:08:35.034
That's how I talk to a lot of my friends, whether I like it or not
0:08:35.034,0:08:38.073
I am locked into Facebook.
0:08:38.073,0:08:42.077
You know, I'm also on Diaspora. But my friends aren't on Diaspora.
0:08:42.077,0:08:46.081
This sort of lock-in creates a sort of situation where
0:08:46.081,0:08:51.013
we have one arbiter of what is acceptable speech,
0:08:51.013,0:08:53.022
whether we like it or not.
0:08:53.022,0:08:55.003
If they're free, we're free to the extent,
0:08:55.003,0:08:56.021
only to the extent,
0:08:56.021,0:08:57.026
that they give us freedom.
0:08:57.026,0:08:59.005
And that to me isn't freedom.
0:08:59.005,0:09:01.044
That to me is accepting what you're given.
0:09:01.044,0:09:04.013
It's the exact opposite of making your own choices.
0:09:04.013,0:09:08.064
The exact opposite of self-determination.
0:09:08.064,0:09:13.056
All of our problems in communication can be traced
0:09:13.056,0:09:16.097
to centralized communications infrastructure.
0:09:16.097,0:09:22.062
Now, I've sort of told this story at the social level,
0:09:22.062,0:09:25.087
in the way that we're talking about how to talk to your peers
0:09:25.087,0:09:28.070
and your friends on the internet.
0:09:28.070,0:09:33.076
But this story also exists when we think about relying on the pipes,
0:09:33.076,0:09:38.024
relying on the hardware, the technical infrastructure behind the software.
0:09:38.024,0:09:43.047
We rely on internet backbones,
0:09:43.047,0:09:45.070
we rely on centralized cellphone networks,
0:09:45.070,0:09:47.095
we rely on centralized telephone networks.
0:09:47.095,0:09:52.043
The people that control these networks have the ability
0:09:52.043,0:09:54.080
to tell us what we're allowed to say,
0:09:54.080,0:09:56.061
when we're allowed to say it.
0:09:56.061,0:09:59.074
They have the ability to filter us, to censor us, to influence us.
0:09:59.074,0:10:02.058
Sometimes they use that ability, and sometimes they don't,
0:10:02.058,0:10:04.067
and sometimes by law they're not allowed to.
0:10:04.067,0:10:06.048
But at the end of the day
0:10:06.048,0:10:09.026
the power doesn't rest in our hands.
0:10:09.026,0:10:11.052
The power, from a technological perspective,
0:10:11.052,0:10:13.058
rests in the hands of the people that operate the
0:10:13.058,0:10:15.065
networks.
0:10:15.065,0:10:20.041
Centralization doesn't just allow this sort of filtering and censorship.
0:10:20.041,0:10:23.052
There's another big problem with centralization.
0:10:23.052,0:10:26.005
The other big problem with centralization is that by
0:10:26.005,0:10:30.004
gathering all of our data in one place
0:10:30.004,0:10:33.050
it becomes easy
0:10:33.050,0:10:36.064
to spy on us.
0:10:36.064,0:10:39.033
So every time you go to a website
0:10:39.033,0:10:41.042
pretty much
0:10:41.042,0:10:45.044
the website includes, at the bottom of the page
0:10:45.044,0:10:49.092
a little graphic or invisible Javascript thing
0:10:49.092,0:10:53.006
that tells Google that you came to visit the page.
0:10:53.006,0:10:56.017
Eva goes to a website, and the website says
0:10:56.017,0:10:59.028
"Hey Google! Eva just came to my website!"
0:10:59.028,0:11:01.049
Every time she goes to a website, that happens.
0:11:01.049,0:11:04.076
And so Google effectively sits next to her and watches,
0:11:04.076,0:11:06.055
while she uses the internet.
0:11:06.055,0:11:07.089
Watches everything she does,
0:11:07.089,0:11:09.008
and everything she enters,
0:11:09.008,0:11:11.063
everything she looks at and knows.
0:11:11.063,0:11:15.023
It's not just her search data, it's not just her Gmail.
0:11:15.023,0:11:19.025
It's the entire picture of her digital life.
0:11:19.025,0:11:22.008
In one place.
0:11:22.008,0:11:23.073
That's a pretty complete profile.
0:11:23.073,0:11:24.077
If you were able...
0:11:24.077,0:11:27.061
...imagine if somebody could sit next to you and watch
0:11:27.061,0:11:29.026
everything you did online,
0:11:29.026,0:11:31.035
imagine how much they would know about you.
0:11:31.035,0:11:33.027
That's how much Google knows about you.
0:11:33.027,0:11:36.025
Google knows more about you than you know about yourself,
0:11:36.025,0:11:39.094
because Google never forgets.
0:11:39.094,0:11:42.091
Google knows more about you than your parents,
0:11:42.091,0:11:43.095
than your partner,
0:11:43.095,0:11:46.088
Google knows your secrets, your worst secrets,
0:11:46.088,0:11:48.067
Google knows if you're cheating on your spouse
0:11:48.067,0:11:49.085
because they saw you do the Google search for the
0:11:49.085,0:11:54.064
sexually-transmitted disease.
0:11:54.064,0:11:56.070
Google knows your hopes and your dreams.
0:11:56.070,0:11:58.016
Because the things we hope and dream about,
0:11:58.016,0:11:59.035
we look for more information about.
0:11:59.035,0:12:00.070
We're natural information seekers.
0:12:00.070,0:12:02.048
We think about something, it fascinates us,
0:12:02.048,0:12:05.018
we go and look it up online. We search around.
0:12:05.018,0:12:06.097
We look around the internet, and we think about it.
0:12:06.097,0:12:11.001
And Google is right there. Following our thought process,
0:12:11.001,0:12:15.002
the thought process in our click trail.
0:12:15.002,0:12:19.034
That is an intimate relationship.
0:12:19.034,0:12:21.029
Right? Do you want an intimate relationship with Google?
0:12:21.029,0:12:21.090
Maybe you do.
0:12:21.090,0:12:25.050
I personally, don't.
0:12:25.050,0:12:28.077
But that's it, Google sits next to us and watches us use
0:12:28.077,0:12:30.012
our computers.
0:12:30.012,0:12:34.074
And if anyone actually did... if you had a friend who wanted
0:12:34.074,0:12:37.027
to sit next to you, or a stranger said I want to sit next to you
0:12:37.027,0:12:39.005
and just watch you use your computer all day,
0:12:39.005,0:12:41.040
you would use that computer very differently to the way you do now.
0:12:41.040,0:12:44.037
But because Google doesn't physically sit next to you,
0:12:44.037,0:12:49.006
Google sits invisibly in the box, you don't know Google is there.
0:12:49.006,0:12:51.015
But you do know, right?
0:12:51.015,0:12:52.064
We're all aware of this. I'm not saying any of you don't know,
0:12:52.064,0:12:55.075
especially in a room like this.
0:12:55.075,0:12:57.010
But we don't think about it.
0:12:57.010,0:12:58.075
We try not to think about it.
0:12:58.075,0:13:01.058
We are locked in, to the internet.
0:13:01.058,0:13:03.064
We can't stop using it.
0:13:03.064,0:13:05.029
And the structures that exist,
0:13:05.029,0:13:06.050
the infrastructure that exists,
0:13:06.050,0:13:09.001
that has been slowly turned from
0:13:09.001,0:13:12.072
a means to allow us to communicate with each other
0:13:12.072,0:13:16.011
to a means of allowing us to access web services
0:13:16.011,0:13:19.081
in return for all our personal information so we can be bought and sold
0:13:19.081,0:13:21.059
like products.
0:13:21.059,0:13:24.096
That is the problem. That is the problem of centralization, of having one structure.
0:13:24.096,0:13:27.038
As soon as we put all that information in one place
0:13:27.038,0:13:32.002
we get complete profiles of us, you get complete pictures of you.
0:13:32.002,0:13:33.048
And that is a lot of information.
0:13:33.048,0:13:34.055
It's valuable information.
0:13:34.055,0:13:39.045
It's information that is used, right now, mostly to sell you things.
0:13:39.045,0:13:42.028
And that, you might find objectionable.
0:13:42.028,0:13:43.017
Maybe you don't.
0:13:43.017,0:13:46.090
Maybe you don't believe the studies that say you can't ignore advertising.
0:13:46.090,0:13:51.066
Maybe you think that you are smart and special, and advertising doesn't affect you.
0:13:51.066,0:13:53.045
You're wrong.
0:13:53.045,0:13:56.026
But maybe you believe that.
0:13:56.026,0:14:02.002
But that information, that same infrastructure, that same technology that allows them
0:14:02.002,0:14:05.097
to know you well enough to sell you soap
0:14:05.097,0:14:12.021
allows them to know you well enough to decide how much of a credit risk you are,
0:14:12.021,0:14:14.014
how much of a health risk you are,
0:14:14.014,0:14:16.095
and what your insurance premiums should look like.
0:14:16.095,0:14:18.090
In America we have a big problem right now.
0:14:18.090,0:14:23.022
Insurance costs are out of control. Health insurance. We're having a lot of difficulty paying for it.
0:14:23.022,0:14:28.072
Insurance companies would like to respond to this problem
0:14:28.072,0:14:31.074
by knowing better who's a good risk and who's a bad risk
0:14:31.074,0:14:35.062
so they can lower prices for the good risk and raise prices for the bad risk.
0:14:35.062,0:14:41.028
Essentially they want to make people who are going to get sick, uninsurable.
0:14:41.028,0:14:45.033
And if you could know enough about a person to know what they're risk factors are based on
0:14:45.033,0:14:49.034
what they're digital life is, if you can get just a little bit of information about them,
0:14:49.034,0:14:53.036
maybe you can figure out who their parents are and what hereditary diseases they might be subject to,
0:14:53.036,0:14:55.087
you can start to understand these things.
0:14:55.087,0:14:58.084
You can start to figure out who's a good risk and who's a bad risk.
0:14:58.084,0:15:04.048
You can use this information for ends that seem reasonable if you're a health insurance
0:15:04.048,0:15:07.004
company, but probably don't seem reasonable if you're
0:15:07.004,0:15:10.031
the kind of person sitting in this room, the kind of person that I talk to.
0:15:10.031,0:15:17.046
And that's the problem. The innocuous use. The use that seems kind of icky, but not truly evil,
0:15:17.046,0:15:19.069
which is advertising.
0:15:19.069,0:15:25.024
It's the same mechanism, the same data, that then gets used for other purposes.
0:15:25.024,0:15:32.083
It's the same data that then gets turned over to a government who wants to oppress you
0:15:32.083,0:15:36.057
because you are supporting wikileaks.
0:15:36.057,0:15:39.082
And that's not a fantasy, that's what happened.
0:15:39.082,0:15:49.032
It's the same information that anybody who wants to know something about you for an evil end would use.
0:15:49.032,0:15:56.061
We have a saying in the world of information, that if the data exists, you can't decide what it gets
0:15:56.061,0:15:58.014
used for.
0:15:58.014,0:16:03.004
Once data exists, especially data in the hands of the government, of officials,
0:16:03.004,0:16:05.081
once that data exists, it's a resource.
0:16:05.081,0:16:10.015
And the use of that resource it its own energy, its own logic.
0:16:10.015,0:16:15.040
Once a resource is there begging to be used, it's very hard to stop it from being used.
0:16:15.040,0:16:22.064
Because it's so attractive, it's so efficient, it would solve so many problems to use the data.
0:16:22.064,0:16:28.059
And so once you collect the data, once the data exists in one centralized place,
0:16:28.059,0:16:35.043
for anybody to come and get it with a warrant, or maybe no warrant, or maybe some money...
0:16:35.043,0:16:41.005
somebody is going to come with a warrant, or no warrant, and they are going to get that data.
0:16:41.005,0:16:42.084
And they will use it for whatever they want to use it.
0:16:42.084,0:16:47.018
Once it's out of the hands of the first person who collected it, who maybe you trust,
0:16:47.018,0:16:52.069
who maybe has good privacy policies, who maybe has no intention to do anything with your data
0:16:52.069,0:16:58.061
other than use it for diagnostic purposes, once it's out of that person's hands it's gone.
0:16:58.061,0:17:00.098
You never know where it goes after that.
0:17:00.098,0:17:02.090
It is completely uncontrolled and unchecked
0:17:02.090,0:17:05.090
and there is no ability to restrain what happens to that data.
0:17:05.090,0:17:14.037
So all of this is my attempt to convince you that privacy is a real value in our society,
0:17:14.037,0:17:18.009
and that the danger of losing privacy is a real problem.
0:17:18.009,0:17:20.078
It's not just the censorship, it's not just the filtering,
0:17:20.078,0:17:26.091
it's not just the propaganda, the influencing of opinion, that's one aspect of it,
0:17:26.091,0:17:35.041
it's not just the free speech. It's also the privacy, because privacy goes to the heart of our autonomy.
0:17:35.041,0:17:43.045
About a year and a half ago to two years ago at the Software Freedom Law Center
0:17:43.045,0:17:47.060
a man named Ian Sullivan who's a co-worker of mine,
0:17:47.060,0:17:49.069
he bought a bunch of plug servers,
0:17:49.069,0:17:54.048
because he was really excited at the thought of using them as print servers, and media servers,
0:17:54.048,0:17:59.024
and he started tinkering with them in our office.
0:17:59.024,0:18:02.093
My boss Eben Moglen who is a long-time activist in the Free Software movement,
0:18:02.093,0:18:15.002
fought very hard for Phil Zimmerman and PGP when that was a big issue,
0:18:15.002,0:18:23.055
he looked at this technology and he immediately realised that several streams had come together in one
0:18:23.055,0:18:24.059
place.
0:18:24.059,0:18:27.098
There's a lot of really good technology to protect your privacy right now.
0:18:27.098,0:18:31.014
In fact that's the stuff we're putting on the Freedom Box.
0:18:31.014,0:18:33.009
We're not writing new software.
0:18:33.009,0:18:36.074
We are gathering stuff, and putting it in one place.
0:18:36.074,0:18:40.092
Stuff that other people did because there are people who are better at writing software, and security,
0:18:40.092,0:18:43.026
than we are. We're software integrators.
0:18:43.026,0:18:46.067
And he realised there was all this software out there, and suddenly there was a box to put it on.
0:18:46.067,0:18:53.011
You could put all that software in one place, make it easy, and give it to people in one neat package.
0:18:53.011,0:18:56.071
Pre-installed, pre-configured, or as close to it as we can get.
0:18:56.071,0:19:02.065
And that, was the vision for the FreedomBox.
0:19:02.065,0:19:08.018
The FreedomBox is a tiny computer. Look at this.
0:19:08.018,0:19:10.087
That's small, it's unobtrusive.
0:19:10.087,0:19:11.077
So it's a small computer.
0:19:11.077,0:19:16.023
And we don't just mean small in size... it doesn't take a lot of energy.
0:19:16.023,0:19:22.067
I could be running this box on a couple of AA batteries for the life of this presentation.
0:19:22.067,0:19:24.061
You could run it on a solar panel.
0:19:24.061,0:19:27.077
It's very lightweight infrastructure.
0:19:27.077,0:19:33.030
You plug it into your home network, and when I say home network,
0:19:33.030,0:19:35.009
(I'm going to pass this around)
0:19:35.009,0:19:38.034
When I say home network, I mean home network.
0:19:38.034,0:19:42.082
This is technology we are designing for individuals to use to talk to their friends.
0:19:42.082,0:19:47.091
Our use-case, the thing we're trying to protect is you guys, as individuals in your communities.
0:19:47.091,0:19:51.092
This isn't a small-business appliance, it's not a large corporate applicance, this is a thing
0:19:51.092,0:19:58.093
that we are truly aiming at the home market, and people who care about privacy on an individual level.
0:19:58.093,0:20:05.097
You plug it into your home network to protect your privacy, your freedom, your anonymity and your security.
0:20:05.097,0:20:09.069
That is our mission statement, I guess. Unofficially.
0:20:09.069,0:20:17.000
That is what we believe we are trying to do with this device.
0:20:17.000,0:20:22.008
So, what privacy means in this context, the way we're going to go about trying to protect your privacy
0:20:22.008,0:20:27.061
is to connect you directly with other people and take everything you do and try to encrypt it
0:20:27.061,0:20:31.033
so that only you and the person you are talking to can see it. This is not a new idea.
0:20:31.033,0:20:35.069
We can do encrypted messaging, and we can do encrypted browsing.
0:20:35.069,0:20:43.098
Now there are problems with encrypted browsing. Right now if you want to have secure browsing you generally
0:20:43.098,0:20:45.089
use something called SSL.
0:20:45.089,0:20:57.052
SSL is a system of certificate that allow a web server to say to you "we can talk privately".
0:20:57.052,0:21:01.098
That's the first guarantee, a secure cryptographic connection (A).
0:21:01.098,0:21:05.067
and (B) I can authenticate to you that I am who I say I am.
0:21:05.067,0:21:11.036
So not only can nobody listen, but you know who you're talking to.
0:21:11.036,0:21:18.032
You're not secretly talking to the government, when really you're talking to me.
0:21:18.032,0:21:23.087
The problem with SSL, the big problem with SSL, is that the system for signing certificates relies
0:21:23.087,0:21:28.026
on a trust hierachy that goes back to a cartel of companies who have the server certificates,
0:21:28.026,0:21:35.058
who have the ability to do this "guarantee". So when the website says to you "I guarantee I am who I
0:21:35.058,0:21:42.063
am", you say "I don't know you, I don't trust you". And they say "Oh, but this other company, I paid
0:21:42.063,0:21:47.009
them money, and so they'll guarantee that I am me."
0:21:47.009,0:21:52.062
Which is a really interesting idea - because I also don't know this company, why would I trust that company?
0:21:52.062,0:21:57.005
I mean, the company is just old enough and influential enough that they could actually get their
0:21:57.005,0:22:03.063
authority into my browser. So really my browser is willing to accept at face-value that this website
0:22:03.063,0:22:07.034
is who it says it is, but I don't necessarily accept that.
0:22:07.034,0:22:13.015
And then, we have the problem of self-signed certificate. Where if they say, none of those authorities
0:22:13.015,0:22:17.077
in your browser trust me, I trust myself and look, I've signed a piece of paper -
0:22:17.077,0:22:20.058
I swear I am who I say I am.
0:22:20.058,0:22:24.001
And that, is not trustworthy at all, right?
0:22:24.001,0:22:27.089
That's just him saying again "No, really! I'm me!".
0:22:27.089,0:22:33.058
So this is a problem, because the FreedomBoxes are not going to trust the SSL cartel,
0:22:33.058,0:22:36.069
and they are not going to trust each other, so they can't just sort of swear to each other that
0:22:36.069,0:22:39.052
they are who they are.
0:22:39.052,0:22:45.012
So we think we've solved this. I'm not going to say we've solved it, because we're just starting to tell
0:22:45.012,0:22:52.013
people about this idea, and I'm sure people will have reasons why the idea can be improved.
0:22:52.013,0:22:58.040
But there is a technology called MonkeySphere, that allows you to take an SSH key and wrap it around a
0:22:58.040,0:23:03.032
PGP key, and use a PGP key to authenticate SSH connections.
0:23:03.032,0:23:10.034
It's really neat technology that allows you to replace SSH trust with PGP trust.
0:23:10.034,0:23:14.049
And we looked at that, and we thought, why can't we do that with SSL?
0:23:14.049,0:23:21.037
So one thing we're going do with browsing is take an SSL certificate, an X.509 certificate,
0:23:21.037,0:23:25.024
and wrap it around a PGP key and send it through the normal SSL layer mechanisms
0:23:25.024,0:23:32.028
but when it gets to the other end, smart servers and smart browsers will open it up and use PGP mechanisms
0:23:32.028,0:23:39.057
to figure out how to trust people, to verify the connections, to sign the authentication of the identity
0:23:39.057,0:23:42.068
of the browser, of the server.
0:23:42.068,0:23:48.049
This allows us to replace the SSL cartel with the web of trust, the keyservers.
0:23:48.049,0:23:57.029
We're replacing a tiny group of companies that control everything with keyservers, community infrastructure.
0:23:57.029,0:24:01.017
Anyone can set up a keyserver, and you can decide which one you want to trust.
0:24:01.017,0:24:02.077
They share information.
0:24:02.077,0:24:06.023
The web of trust is built on people, telling each other that they trust each other.
0:24:06.023,0:24:09.094
Again, you can decide who to trust and how much you want to trust them.
0:24:09.094,0:24:16.019
This is emblematic of our approach. We've identified structures that are unreliable because
0:24:16.019,0:24:20.037
they are centralized, because they are controlled by interests that are not the same interests
0:24:20.037,0:24:22.062
as our interests.
0:24:22.062,0:24:29.077
And we've decided to replace them wherever we can with structures that rely on people,
0:24:29.077,0:24:37.053
that rely on human relationships, that rely less on the notion that you can buy trust, and more on the
0:24:37.053,0:24:42.029
notion that you earn trust, by being trustworthy, by having people vouch for you over time.
0:24:42.029,0:24:50.030
So that's our approach to encrypted browsing. It's also our approach to encrypted messaging.
0:24:50.030,0:24:58.022
We're doing Jabber for a lot of message passing, XMPP, and we're securing that again with PGP.
0:24:58.022,0:25:02.007
Everywhere we can we're going to try to use the PGP network, because it already exists...
0:25:02.007,0:25:04.035
as I said, we're not trying to invent anything new.
0:25:04.035,0:25:10.062
PGP already exists and it does a really good job. So we're taking the PGP trust system and we're
0:25:10.062,0:25:16.061
going to apply it to things like XMPP and make sure that we can do message passing in a way
0:25:16.061,0:25:18.053
that we can trust.
0:25:18.053,0:25:26.001
Once we have XMPP we have a way to send text, a way to send audio, sure...
0:25:26.001,0:25:28.070
but also you can send structured data.
0:25:28.070,0:25:33.014
Through that same channel. And you can send that data to buddy lists.
0:25:33.014,0:25:39.034
So the system starts to look like a way to pass data in a social way. And we think this is the
0:25:39.034,0:25:42.043
beginning of the social layer of the box.
0:25:42.043,0:25:46.089
At the bottom of the box we have a belief that the technology should be social
0:25:46.089,0:25:48.037
from the ground up.
0:25:48.037,0:25:50.062
And so we're building structures that allow it to be social,
0:25:50.062,0:25:55.050
that assume you want to connect with friends in a network of freedom,
0:25:55.050,0:26:01.030
perhaps FreedomBoxes, perhaps other kinds of software, other kinds of technology.
0:26:01.030,0:26:04.025
And we're designing with that in mind.
0:26:04.025,0:26:08.074
With that in mind, we think we get certain benefits technologically which I'll get into later.
0:26:08.074,0:26:13.038
We think we can simply things like key management, through methods like this.
0:26:13.038,0:26:19.018
By privacy I also mean that we can install a proxy server, privoxy,
0:26:19.018,0:26:21.020
we think the answer is privoxy here,
0:26:21.020,0:26:26.085
privoxy on the box, so you can point your browser at the box, surf the web on the box,
0:26:26.085,0:26:33.063
and strip ads, strip cookies, stop Google from tracking you from website to website to website,
0:26:33.063,0:26:43.033
to remove, the constant person sitting at your side, spying, recording, listening to everything you do.
0:26:43.033,0:26:46.091
In that vein, we don't just want to block ads and reject cookies,
0:26:46.091,0:26:50.032
we want to do something new, relatively new.
0:26:50.032,0:27:02.075
We think we want to munge your browser fingerprint, that unique pattern of data that is captured by your
0:27:02.075,0:27:03.063
user-agent string and what plugins you have, and all that stuff
0:27:03.063,0:27:07.081
that forms a unique profile of you that allows people to track your browser, companies to track your
0:27:07.081,0:27:09.087
browser as you hop along the web, even if they don't know anything about you.
0:27:09.087,0:27:13.033
It can sort of tie you to the browser, make profiles about your browser.
0:27:13.033,0:27:16.047
And that turns out to be a very effective way of figuring out who you are.
0:27:16.047,0:27:23.057
So even without a cookie, even without serving you with an ad, once they're talking to you they can
0:27:23.057,0:27:26.038
uniquely identify you, or relatively uniquely.
0:27:26.038,0:27:32.075
But it's relatively early in the browser fingerprint arms race.
0:27:32.075,0:27:37.064
We think that with a very little bit of changing, we can foil the recording.
0:27:37.064,0:27:40.050
and win this round at least.
0:27:40.050,0:27:46.093
And instead of having one profile where they gather all of your data, you will present to services
0:27:46.093,0:27:51.027
as a different person every time you use the service. So they cannot build profiles of you over time.
0:27:51.057,0:27:53.015
That's what privacy looks like in our context. We're looking for cheap ways to foil the tracking.
0:27:55.005,0:28:02.005
We're looking for easy things we can do, because we believe there's a lot of low-hanging fruit.
0:28:02.005,0:28:05.093
And we'll talk about that more in a minute.
0:28:05.093,0:28:09.083
Freedom is our value, freedom is the thing we are aiming for,
0:28:09.083,0:28:13.043
freedom from centralized structures like the pipes.
0:28:13.043,0:28:19.021
Now mesh networking, I have mesh networking in my slides. That is a lie.
0:28:19.021,0:28:21.046
We are not doing mesh networking.
0:28:21.046,0:28:26.099
The reason we are not doing mesh networking is because I do not know anything about mesh networking
0:28:26.099,0:28:31.070
and one of the reaons I came here was to meet people who know a lot about mesh networking
0:28:31.070,0:28:34.049
and I see people in this audience who know a lot about mesh networking.
0:28:34.049,0:28:41.029
If you want to turn that lie into the truth, the way you do that
0:28:41.029,0:28:43.054
is by continuing on your projects, making mesh networking awesome,
0:28:43.054,0:28:46.019
to the point where I can say yes, we're going to put that in this box.
0:28:46.019,0:28:49.019
Then eventually, by the time this box is ready to do real
0:28:49.019,0:28:52.076
things for real people, we're really hoping that the mesh story
0:28:52.076,0:28:56.050
coheres, where we've identified the protocol and the technology and the people who are going to help
0:28:56.050,0:29:00.024
us. If you think you might be one of those people, we want to talk to you.
0:29:00.024,0:29:02.077
So yes, we are going to do mesh networking,
0:29:02.077,0:29:05.074
and that might be a lie
0:29:05.074,0:29:08.027
but I hope not.
0:29:08.027,0:29:10.066
We want you to have the freedom to own your data
0:29:10.066,0:29:16.077
that means data portability, that means that your data sits on your box and never goes to a third party.
0:29:16.077,0:29:18.058
It only goes to the people you want it to go to.
0:29:18.058,0:29:23.062
Fine-grained access control. Your data, your structures, you decide where it goes.
0:29:23.062,0:29:25.039
That's a user-interface problem,
0:29:25.039,0:29:27.015
that's a user permission problem,
0:29:27.015,0:29:29.010
an access control problem.
0:29:29.010,0:29:33.026
Access control is a solved problem.
0:29:33.026,0:29:37.088
Doing it through a convenient user-interface, that's not solved... so that's work to be done.
0:29:37.088,0:29:42.003
That's a big chunk of our todo list.
0:29:42.003,0:29:43.071
We want you to own your social network
0:29:43.071,0:29:50.011
Before Facebook there was a thing called MySpace, which was... I'm not even sure it exists anymore.
0:29:50.011,0:29:54.013
Before MySpace there was Tribe.
0:29:54.013,0:29:56.055
Before Tribe there was Friendster.
0:29:56.055,0:29:59.082
Friendster is now like a... "gaming network".
0:29:59.082,0:30:02.081
I don't know what it is but they still send me email
0:30:02.081,0:30:06.023
Which is the only reason I know they're still alive.
0:30:06.023,0:30:11.001
Before Friendster was the original social network.
0:30:11.001,0:30:15.052
We called this social network "the internet".
0:30:15.052,0:30:17.000
We talked directly to each other,
0:30:17.000,0:30:21.042
we used email, an instant messenger and IRC.
0:30:21.042,0:30:23.095
We talked to people using the structures that were out there.
0:30:23.095,0:30:27.082
It wasn't centralized in one service, we had a lot of ways of meeting each other
0:30:27.082,0:30:29.015
and passing messages.
0:30:29.015,0:30:31.070
What we lacked was a centralized interface.
0:30:31.070,0:30:35.058
So when we say "own your social network" we mean use the services of the internet,
0:30:35.058,0:30:37.065
own the pieces that talk to each other.
0:30:37.065,0:30:41.010
Hopefully we'll provide you with a convenient interface to do that.
0:30:41.010,0:30:44.010
But the actual structures, the places where your data live,
0:30:44.010,0:30:48.040
that is just the same pieces that we know how to use already.
0:30:48.040,0:30:51.023
We are not going to try to reinvent how you talk to people,
0:30:51.023,0:30:56.045
we're just going to make it so that the pipes are secure.
0:30:56.045,0:30:59.045
A big part of freedom, a big part of privacy,
0:30:59.045,0:31:02.042
is anonymity.
0:31:02.042,0:31:06.044
Tor can provide anonymity.
0:31:06.044,0:31:08.081
But we don't have to go all the way to Tor.
0:31:08.081,0:31:12.024
Tor is expensive, in terms of latency.
0:31:12.024,0:31:16.082
Tor is difficult to manage...
0:31:16.082,0:31:21.039
I don't know how many people have tried to use Tor, to run all their traffic through Tor.
0:31:21.039,0:31:23.064
It's hard. For two reasons.
0:31:23.064,0:31:26.057
For one, the latency... it takes a very long time to load a web page.
0:31:26.057,0:31:32.038
And two, you look like a criminal. To every website that you go to.
0:31:32.038,0:31:38.064
My bank shut down my account when I used Tor.
0:31:38.064,0:31:44.094
Because suddenly, I was coming from an IP address in Germany that they had detected in the past
0:31:44.094,0:31:48.051
efforts to hack them on.
0:31:48.051,0:31:52.025
So they closed my account, well I had to talk to them about it,
0:31:52.025,0:31:53.090
it did all get solved in the end.
0:31:53.090,0:31:57.078
PayPal as well closed my account down.
0:31:57.078,0:31:59.040
So that was the end of my ability to use Tor.
0:31:59.040,0:32:01.005
So we can't just run all our traffic through Tor.
0:32:01.005,0:32:07.011
It's too slow, and the network has weird properties in terms of how you present to websites,
0:32:07.011,0:32:08.095
that frankly, are scary.
0:32:08.095,0:32:16.091
Because if I look like a criminal to the bank, I don't want to imagine what I look like to my own government.
0:32:16.091,0:32:19.000
But we can do privacy in other ways.
0:32:19.000,0:32:25.025
If you are a web user, in China, and you want to surf the internet,
0:32:25.025,0:32:30.094
with full access to every website you might go to, and with privacy from your government,
0:32:30.094,0:32:34.098
so that you don't get a knock on your door from visiting those websites,
0:32:34.098,0:32:36.076
we can do that without Tor.
0:32:36.076,0:32:39.002
We don't need Tor to do that. We can do that cheaply.
0:32:39.002,0:32:45.059
Because all you need to do in that situation is get your connection out of China.
0:32:45.059,0:32:54.039
Send your request for a web page through an encrypted connection to a FreedomBox in...
0:32:54.039,0:32:58.041
Austria, America, who knows?
0:32:58.041,0:33:05.093
Just get the request away from the people who physically have the power to control you.
0:33:05.093,0:33:08.090
And we can do that cheaply, that's just SSH port forwarding.
0:33:08.090,0:33:14.013
That's just a little bit of tunneling, that's just a little bit of VPN.
0:33:14.013,0:33:16.005
There's a lot of ways to do that sort of thing,
0:33:16.005,0:33:20.083
to give you anonymity and privacy in your specific context
0:33:20.083,0:33:22.079
without going all the way into something like Tor.
0:33:22.079,0:33:25.090
Now there are people who are going to need Tor.
0:33:25.090,0:33:27.096
They will need it for their use case.
0:33:27.096,0:33:32.089
But not every use case requires that level of attack.
0:33:32.089,0:33:37.093
And so one of the things we're trying to do is figure out how much privacy and anonymity you need,
0:33:37.093,0:33:40.020
and from whom you need it.
0:33:40.020,0:33:43.045
If we can do that effectively we can give people solutions
0:33:43.045,0:33:45.054
that actually work for them. Because if we just tell people
0:33:45.054,0:33:49.053
to use Tor, we're going to have a problem.
0:33:49.053,0:33:52.065
They're not going to use it, and they won't get any privacy at all.
0:33:52.065,0:33:55.018
And that's bad.
0:33:55.018,0:33:57.024
So we want to allow people to do anonymous publishing,
0:33:57.024,0:33:59.071
and file-sharing, and web-browsing and email.
0:33:59.071,0:34:01.061
All the communications you want to do.
0:34:01.061,0:34:03.086
The technology to do that already exists,
0:34:03.086,0:34:05.077
we could do all of that with Tor.
0:34:05.077,0:34:09.004
The next piece of our challenge is to figure out how to do it without Tor.
0:34:09.004,0:34:12.001
To figure out what pieces we need Tor for, and to figure out
0:34:12.001,0:34:17.084
what pieces we can do a little bit more cheaply.
0:34:17.084,0:34:19.063
Security.
0:34:19.063,0:34:23.097
Without security, you don't have freedom and privacy and anonymity.
0:34:23.097,0:34:25.062
If the box isn't secure,
0:34:25.062,0:34:27.085
you lose.
0:34:27.085,0:34:32.003
We're going to encrypt everything.
0:34:32.003,0:34:36.018
We're going to do something that's called social key management, which I'm going to talk about.
0:34:36.018,0:34:39.013
I do want to talk about the Debian-based bit.
0:34:39.013,0:34:42.085
We are based on a distribution of Linux called Debian,
0:34:42.085,0:34:46.028
because it is a community-based distribution.
0:34:46.028,0:34:48.038
It is made by people who care a lot about your
0:34:48.038,0:34:51.065
freedom, your privacy, and your ability to speak anonymously.
0:34:51.065,0:34:55.053
And we really believe that the best way to distribute this
0:34:55.053,0:34:58.034
software is to hand it to the Debian mirror network and let
0:34:58.034,0:35:00.012
them distribute it. Because they have mechanisms
0:35:00.012,0:35:02.021
to make sure that nobody changes it.
0:35:02.021,0:35:05.021
If we were to distribute the software to you directly, we
0:35:05.021,0:35:09.009
would become a target. People would want to change the
0:35:09.009,0:35:11.080
software as we distribute it on our website.
0:35:11.080,0:35:13.027
They would want to crack our website and distribute their
0:35:13.027,0:35:15.096
version of the package.
0:35:15.096,0:35:18.049
We don't want to be a target, so we're not going to give you software.
0:35:18.049,0:35:21.063
We're going to give it to Debian, and let them give you the software.
0:35:21.063,0:35:26.041
And at the same time you get all of the Debian guarantees about freedom.
0:35:26.041,0:35:28.066
The Debian Free Software Guidelines.
0:35:28.066,0:35:32.010
They're not going to give you software unless it comes
0:35:32.010,0:35:37.002
with all of the social guarantees that are required to participate in the Debian community.
0:35:37.002,0:35:39.055
So we're very proud to be using Debian in this manner,
0:35:39.055,0:35:41.094
and working with Debian in this manner.
0:35:41.094,0:35:44.078
And we think that's the most effective way we can guarantee that we're going to live up to
0:35:44.078,0:35:51.074
our promises to you, because it provides a mechanism whereby if we fail to live up to our promises,
0:35:51.074,0:35:56.034
we cannot give you something that is broken. Because Debian won't let us,
0:35:56.034,0:35:59.061
they just won't distribute it.
0:35:59.061,0:36:02.001
There are problems with security.
0:36:02.001,0:36:04.009
There are things we can't solve.
0:36:04.009,0:36:05.037
One...
0:36:05.037,0:36:08.074
Physical security of the box.
0:36:08.074,0:36:13.064
We haven't really talked much internally about whether we can encrypt the filesystem on this box.
0:36:13.064,0:36:16.061
I don't quite see a way to do it.
0:36:16.061,0:36:20.002
It doesn't have an interface for you to enter a password effectively.
0:36:20.002,0:36:23.030
By the time you've brought an interface up you'd be running untrusted code.
0:36:23.030,0:36:25.023
I don't know a way to do it.
0:36:25.023,0:36:29.054
If anyone can think of a way that we can effectively encrypt the filesystem, I'd love to hear it.
0:36:29.054,0:36:35.002
But, on top of that, if we do encrypt the filesystem,
0:36:35.002,0:36:38.060
then the thing cannot be rebooted remotely, which is a downside.
0:36:38.060,0:36:40.069
So there are trade-offs at every step of the way.
0:36:40.069,0:36:45.001
If we can figure out some of these security issues, then we can be ahead of the game.
0:36:45.001,0:36:50.026
But I think the encrypting the filesystem is the only way to guarantee the box is secure, even if it's
0:36:50.026,0:36:52.035
not physically secure.
0:36:52.035,0:36:53.069
So I think that's a big one.
0:36:53.069,0:36:58.003
If you have ideas about that, please come and talk to me after the talk.
0:36:58.003,0:37:01.029
I promised I would talk about social key management, and here it is.
0:37:01.029,0:37:06.037
So we're building the idea of knowing who your friends are
0:37:06.037,0:37:08.002
into the box at a somewhat low level.
0:37:08.002,0:37:12.094
To the point where things that are on the box can assume it is there,
0:37:12.094,0:37:17.054
or ask you if it's there, or rely on it as a matter of course in some cases.
0:37:17.054,0:37:21.088
So we can do things with keys that make your keys unlosable.
0:37:21.088,0:37:25.020
Right now a PGP key is a hard thing to manage.
0:37:25.020,0:37:26.067
Key management is terrible.
0:37:26.067,0:37:30.043
Do you guys like PGP? PGP is good.
0:37:30.043,0:37:34.072
Does anyone here like key management?
0:37:34.072,0:37:36.021
We have one guy who likes key management.
0:37:36.021,0:37:39.048
LAUGHTER
0:37:39.048,0:37:41.025
He's going to do it for all of you!
0:37:41.025,0:37:43.050
So, none of us like key management.
0:37:43.050,0:37:46.015
Key management doesn't work, especially if your use-case is home users, naive end-users.
0:37:46.015,0:37:48.010
Nobody wants to do key management.
0:37:48.010,0:37:51.070
Writing their key down and putting it in a safety deposit box is ludicrous.
0:37:51.070,0:37:54.037
It's a very difficult thing to actually convince people to do.
0:37:54.037,0:38:00.031
Sticking it on a USB key, putting it in a zip-lock back and burying it in your backyard is paranoid.
0:38:00.031,0:38:03.031
I can't believe I just told you what I do with my key.
0:38:03.031,0:38:04.082
LAUGHTER
0:38:04.082,0:38:06.074
No, you can't ask people to do that.
0:38:06.074,0:38:08.007
They won't do it.
0:38:08.007,0:38:09.088
You can't protect keys in this manner.
0:38:09.088,0:38:13.034
You have to have a system that allows them to sort of, not ever know they have a key.
0:38:13.034,0:38:16.001
To not think about their key unless they really want to.
0:38:16.001,0:38:19.000
We think we've come up with something that might work.
0:38:19.000,0:38:20.077
You take the key,
0:38:20.077,0:38:22.028
or a subkey,
0:38:22.028,0:38:24.051
you chop it into little bits
0:38:24.051,0:38:25.041
and you give that key...
0:38:25.041,0:38:31.024
and we're talking about a key of a very long length, so there's a giant attack space
0:38:31.024,0:38:36.030
and you can chop it into bits and hand it to people without reducing the search space for a key.
0:38:36.030,0:38:39.000
You chop it into bits and hand all the bits to your friends.
0:38:39.000,0:38:42.043
Now all your friends have your key, as a group.
0:38:42.043,0:38:44.027
Individually, none of them can attack you.
0:38:44.027,0:38:47.070
Indicidually, none of them has the power to come root your box,
0:38:47.070,0:38:50.037
to access your services and pretend to be you.
0:38:50.037,0:38:53.079
As a group, they can do this.
0:38:53.079,0:39:04.021
We trust our friends, as a group, more than we trust them as individuals.
0:39:04.021,0:39:08.069
Any single one of your friends, if you gave them the key to your financial data and your private online
0:39:08.069,0:39:10.081
life that would make you very nervous.
0:39:10.081,0:39:14.038
You would worry that they would succumb to temptation to peek,
0:39:14.038,0:39:17.021
fall on hard times and want to attack you in some way,
0:39:17.021,0:39:19.061
fall out with you, get mad at you.
0:39:19.061,0:39:23.034
As an individual, people are sort of fallible in this sense.
0:39:23.034,0:39:25.057
But as a group of friends who would have to get together
0:39:25.057,0:39:30.003
and affirmatively make a decision to attack you,
0:39:30.003,0:39:32.059
we think that's extremely unlikely.
0:39:32.059,0:39:38.007
It's so unlikely that there are only a few scenarios where we think it might happen.
0:39:38.007,0:39:39.053
One...
0:39:39.053,0:39:42.066
if you are ill, and unable to access your box
0:39:42.066,0:39:44.020
or you're in jail
0:39:44.020,0:39:45.054
or you've passed away
0:39:45.054,0:39:49.000
or you've disappeared.
0:39:49.000,0:39:52.030
Or... you've gone crazy.
0:39:52.030,0:39:57.064
We call this type of event, where all your friends get together and help you,
0:39:57.064,0:39:59.089
even if you don't ask them for help,
0:39:59.089,0:40:02.087
we call that an intervention.
0:40:02.087,0:40:05.056
When your friends sit you down and say,
0:40:05.056,0:40:09.030
"you need our help, you can't ask us for it because you're not in a position to ask us for it",
0:40:09.030,0:40:10.095
that's an intervention.
0:40:10.095,0:40:16.073
If you have a moment in your life, a crisis in your life that is an intervention level event,
0:40:16.073,0:40:18.054
that's when you can go to your friends.
0:40:18.054,0:40:22.011
If your house burns down, you lose your key and all your data
0:40:22.011,0:40:25.053
You go to your friends, and you say "can I have part of my key back?"
0:40:25.053,0:40:29.082
"Oh, and give me that data that you have in a cryptographically-sealed box that you can't read."
0:40:29.082,0:40:31.001
To all your friends...
0:40:31.001,0:40:32.003
"My data please, my key please, ..."
0:40:32.003,0:40:32.077
"My data please, my key please, ..."
0:40:32.077,0:40:34.014
"My data please, my key please, ..."
0:40:34.014,0:40:39.069
You take all those pieces, you get a new box,
0:40:39.069,0:40:42.008
you load it all onto your box.
0:40:42.008,0:40:47.015
You have the key, you have your entire key, and now you can read your data.
0:40:47.015,0:40:49.024
And you haven't lost your digital life.
0:40:49.024,0:40:54.000
You have a key that is now unlosable.
0:40:54.000,0:40:58.076
Even if you never wrote it down, even if you never buried it in the backyard.
0:40:58.076,0:41:00.050
This is a hard problem in key management.
0:41:00.050,0:41:04.024
People lose their keys and their passwords to services all the time.
0:41:04.024,0:41:09.002
The only way we can think of to make that impossible, is this mechanism.
0:41:09.002,0:41:10.037
And of course it's optional.
0:41:10.037,0:41:13.080
If you're a person who doesn't trust your friends, even as a group,
0:41:13.080,0:41:17.024
or if you're a person who just doesn't have a lot of friends
0:41:17.024,0:41:20.051
(let me finish!)
0:41:20.051,0:41:25.011
...who doesn't have a lot of friends with FreedomBoxes who can be the backend for this,
0:41:25.011,0:41:27.022
you don't have to trust this mechanism.
0:41:27.022,0:41:30.001
You can do something else to make your key unforgettable.
0:41:30.001,0:41:32.042
But for a lot of naive end-users,
0:41:32.042,0:41:34.051
this is the mechanism.
0:41:34.051,0:41:36.074
This is the way they are going to never
0:41:36.074,0:41:37.095
lose their keys
0:41:37.095,0:41:41.069
Because the first time a user gets irretrievably locked out of his FreedomBox,
0:41:41.069,0:41:43.078
we lose that user forever.
0:41:43.078,0:41:45.057
And we lose all his friends forever.
0:41:45.057,0:41:52.030
Because it would scare you to lose such an important group of information.
0:41:52.030,0:41:53.093
Social key management.
0:41:53.093,0:41:58.069
This is the benefit of building social, of building knowledge
0:41:58.069,0:42:03.061
of who your friends are, into the box, at a deep level.
0:42:03.061,0:42:05.082
We have never done that before, with a technology
0:42:05.082,0:42:08.002
as a community project.
0:42:08.002,0:42:11.002
And it opens up new possibilities. This is just one.
0:42:11.002,0:42:13.008
There are others.
0:42:13.008,0:42:15.031
But it's a field we haven't really thought a lot about.
0:42:15.031,0:42:19.063
I think once we get out there and we start doing this kind of
0:42:19.063,0:42:25.044
construction, a lot of new uses are going to be found for this architecture.
0:42:25.044,0:42:28.057
I encourage you all to think about what changes,
0:42:28.057,0:42:34.093
when you can assume that the box has people you can trust, just a little bit,
0:42:34.093,0:42:38.021
because right now we live in a world where we are asked
0:42:38.021,0:42:42.069
to trust third party services like Facebook with all our photos,
0:42:42.069,0:42:46.040
or Flickr with all our photos, or Gmail with all our email.
0:42:46.040,0:42:47.075
We are asked to trust them.
0:42:47.075,0:42:50.010
We have no reason to trust them.
0:42:50.010,0:42:54.086
I mean, we expect that they'll act all right, because they have no reason to destroy us.
0:42:54.086,0:42:56.092
But we don't know what's going to happen.
0:42:56.092,0:43:01.066
We're effectively giving all our information to people we don't trust at all right now.
0:43:01.066,0:43:04.061
How does a network of people we trust, just a little bit,
0:43:04.061,0:43:06.098
change the landscape?
0:43:06.098,0:43:09.007
I think that's a really interesting question.
0:43:09.007,0:43:10.041
This box explores that question,
0:43:10.041,0:43:16.006
this box creates new solutions to old problems that previously seemed intractable.
0:43:16.006,0:43:19.065
So, I encourage everybody to think about how that might
0:43:19.065,0:43:27.013
change the solution to a problem they have with a technological architecture as it exists today.
0:43:27.013,0:43:31.059
Here's another problem...
0:43:31.059,0:43:34.056
Boxes that know who you are, and know who your friends are,
0:43:34.056,0:43:37.056
and know how your friends normally act,
0:43:37.056,0:43:41.088
can also know when your friends are acting weird.
0:43:41.088,0:43:49.061
If you have a friend who sends you one email a year, who suddenly sends you ten emails in a day,
0:43:49.061,0:43:51.067
that look like spam,
0:43:51.067,0:43:53.044
you know that box is rooted.
0:43:53.044,0:43:55.037
You know that box is weird.
0:43:55.037,0:43:59.041
Or if you are using the FreedomBox as your gateway to the internet,
0:43:59.041,0:44:05.035
and a box it is serving downstream, starts sending a bunch of spam through it, it knows.
0:44:05.035,0:44:08.079
It can say "Oh no! You're acting like a zombie."
0:44:08.079,0:44:10.044
"You should get a check-up."
0:44:10.044,0:44:15.052
It can shut off mail service to that box, and not let the messages out.
0:44:15.052,0:44:21.061
It can make that decision to protect the wider internet to make you a better citizen in the world.
0:44:21.061,0:44:27.099
If suddenly your computer starts saying "Hey, I'm in Scotland and I need $5000"...
0:44:27.099,0:44:30.017
but we know you're not in Scotland
0:44:30.017,0:44:33.003
Maybe this box, because it has contact information,
0:44:33.003,0:44:35.070
maybe this box sends you an SMS.
0:44:35.070,0:44:40.092
And says "Dude, you've been hacked, go do something about your box."
0:44:40.092,0:44:43.076
So the types of things we can do once we assume we have
0:44:43.076,0:44:49.001
close relations as opposed to arms-length relations,
0:44:49.001,0:44:51.009
the types of things we can do when we trust each other a little bit
0:44:51.009,0:44:54.037
and we trust our boxes a little bit, goes way up.
0:44:54.037,0:44:55.086
Way up.
0:44:55.086,0:44:58.078
And by bringing that infrastructure closer to us,
0:44:58.078,0:45:03.036
I mean Gmail is too far away to play that role from a network perspective.
0:45:03.036,0:45:08.084
But if the box is in our land, we can do that.
0:45:08.084,0:45:11.081
These boxes will only work if they are convenient.
0:45:11.081,0:45:14.078
There's an old punk-rock slogan, from the Dead Kennedys,
0:45:14.078,0:45:18.052
"Give me convenience, or give me death."
0:45:18.052,0:45:24.067
We laugh at that, but that's a belief users have,
0:45:24.067,0:45:26.057
and I deduce that based on their behaviour,
0:45:26.057,0:45:29.073
because every time there is a convenient web service,
0:45:29.073,0:45:31.020
people use it.
0:45:31.020,0:45:34.077
Even if it's not very good with privacy, a lot of people are going to use it.
0:45:34.077,0:45:41.032
And conversely, whenever we have web services that are very good at privacy, but aren't very convenient,
0:45:41.032,0:45:44.001
comparatively fewer people use them.
0:45:44.001,0:45:47.073
We don't think this box works without convenience.
0:45:47.073,0:45:51.028
If we don't get the user-interface right then this project
0:45:51.028,0:45:53.037
will probably fall over.
0:45:53.037,0:45:56.002
It will never gain any sort of critical mass.
0:45:56.002,0:45:57.081
So we need a simple interface,
0:45:57.081,0:46:00.094
we need a way for users to interact with this box in a minimal way.
0:46:00.094,0:46:03.047
They should think about it as little as possible.
0:46:03.047,0:46:06.000
That's the hardest problem we face.
0:46:06.000,0:46:07.049
Quite frankly.
0:46:07.049,0:46:10.048
The technology to do private communication, that exists.
0:46:10.048,0:46:14.036
A lot of the people in this room helped to build that infrastructure and technology.
0:46:14.036,0:46:16.061
We can put it on the box.
0:46:16.061,0:46:21.009
Making it easy and accessible for users, that's hard.
0:46:21.009,0:46:23.035
And right now we're trying to figure out what that looks like,
0:46:23.035,0:46:25.014
who the designers are going to be.
0:46:25.014,0:46:30.078
If you have user interface or user experience design that you want to bring to a project like this,
0:46:30.078,0:46:33.091
please, please, come find me.
0:46:33.091,0:46:38.098
In order to have convenience, we need to have the thing provide services that are not just
0:46:38.098,0:46:44.092
freedom-oriented, we need to use its position in your network as a trusted device
0:46:44.092,0:46:48.050
to do things for you that aren't just about privacy.
0:46:48.050,0:46:50.054
It needs to do backups.
0:46:50.054,0:46:52.000
This is important.
0:46:52.000,0:46:56.062
Right now the way people back up their photos is by giving them to Flickr.
0:46:56.062,0:47:00.017
The way they back up their email is by giving it to Gmail.
0:47:00.017,0:47:06.003
If we don't provide backups, we can never be an effective replacement
0:47:06.003,0:47:09.014
for the services that store your data somewhere else.
0:47:09.014,0:47:14.083
Even though they're storing it out there in the cloud for their purposes, you get a benefit from it.
0:47:14.083,0:47:16.061
We have to replicate that benefit.
0:47:16.061,0:47:19.089
So things that we don't think of as privacy features have to
0:47:19.089,0:47:21.065
be in the box.
0:47:21.065,0:47:25.051
The backups, the passwords, and the keys, you can't forget them.
0:47:25.051,0:47:29.011
We would like it to be a music, a video, a photo server,
0:47:29.011,0:47:33.070
all the kinds of things you might expect from a convenient box on your network.
0:47:33.070,0:47:37.070
All the things that you want to share with other people, this box has to do those things.
0:47:37.070,0:47:44.099
And these aren't privacy features, but without them we won't be able to give people privacy.
0:47:44.099,0:47:49.015
Our first feature, the thing we are working towards
0:47:49.015,0:47:50.047
is Jabber.
0:47:50.047,0:47:53.014
It's secure encrypted chat, point-to-point.
0:47:53.014,0:47:57.071
That will be the thing we are working on right now.
0:47:57.071,0:48:02.022
But in order to do that we need to solve this monkey-spherish SSL problem that I described.
0:48:02.022,0:48:06.070
We have code, it needs to get packaged and all that.
0:48:06.070,0:48:10.023
Our development strategy, the way we are going to do all the things we said,
0:48:10.023,0:48:15.017
because the list of things I have said we're going to do...
0:48:15.017,0:48:19.036
I can't believe you're not throwing things at me.
0:48:19.036,0:48:21.056
Because it's ludicrous to believe that we can actually do all these things by ourselves.
0:48:21.056,0:48:23.051
And we're not.
0:48:23.051,0:48:25.090
We're going to let other people make the software.
0:48:25.090,0:48:28.015
As much as possible we're going to encourage other people
0:48:28.015,0:48:31.071
to build stuff. We're going to use stuff that already exists.
0:48:31.071,0:48:35.001
We're going to use Privoxy, we're going to use Prosody, we're going to use Apache.
0:48:35.001,0:48:38.056
We're not going to reinvent the web server, we're not going to reinvent protocols.
0:48:38.056,0:48:45.062
I really hope that by the time this project is mature, we haven't invented any new protocols.
0:48:45.062,0:48:48.061
Maybe we'll use new protocols, but I don't want to be
0:48:48.061,0:48:53.023
generating new things that haven't been tested, and then putting them in FreedomBox.
0:48:53.023,0:48:58.046
I want to see things in the real world, tested, gain credibility and take them.
0:48:58.046,0:49:01.073
The less we invent, the better.
0:49:01.073,0:49:07.054
As far as timelines go, by the time we have it ready, you'll know why you need it.
0:49:07.054,0:49:10.067
People right now are figuring out that privacy is important.
0:49:10.067,0:49:12.097
They're seeing it over and over again.
0:49:12.097,0:49:18.010
In Egypt, the at the start of the Arab spring, one of the things the government did to try to
0:49:18.010,0:49:22.098
tamp down the organisation was to convince companies to shut off cell networks,
0:49:22.098,0:49:25.016
to prevent people from talking to each other.
0:49:25.016,0:49:28.030
In America they did the same thing in San Francisco I hear.
0:49:28.030,0:49:36.033
Turned off the cell towers to prevent people from organising to meet for a protest.
0:49:36.033,0:49:42.025
With Occupy Wall Street, you're starting to see infiltration,
0:49:42.025,0:49:45.096
you're starting to see people going and getting information
0:49:45.096,0:49:48.050
that Occupy Wall Street is talking about and turning it over
0:49:48.050,0:49:51.093
to the authorities, the police, the FBI.
0:49:51.093,0:49:59.008
So the need for privacy as we enter a new age of increased activism, we hope,
0:49:59.008,0:50:01.078
of increased activity, of social activity,
0:50:01.078,0:50:06.024
I think the need for a lot of this privacy stuff is going to become clear.
0:50:06.024,0:50:11.000
As the technology for invading your privacy improves,
0:50:11.000,0:50:18.008
the need for technology to protect your privacy will become stark and clear.
0:50:18.008,0:50:22.054
Our two big challenges as I said are user experience,
0:50:22.054,0:50:27.055
and the one I didn't say was paying for developers, paying for designers.
0:50:27.055,0:50:31.071
Those are the hard parts that we're working on.
0:50:31.071,0:50:35.086
And if we fail, we think that's where we fail.
0:50:35.086,0:50:40.021
Software isn't on that list, as I said software is already out there.
0:50:40.021,0:50:42.044
So you can have a FreedomBox.
0:50:42.044,0:50:46.076
If you like that box that we've been passing around the audience, you can buy one from Globalscale.
0:50:46.076,0:50:51.024
If you don't want the box, it's just Debian, it's just Linux, it's just packages.
0:50:51.024,0:50:56.046
Throw Debian on a box, we will have packages available through the normal Debian mechanisms.
0:50:56.046,0:50:58.027
You don't even have to use our repository.
0:50:58.027,0:51:01.055
In fact, I don't think we're going to have a repository.
0:51:01.055,0:51:06.014
You're just going to download it and install it the same way you normally do it if you're technologically
0:51:06.014,0:51:08.051
capable of doing that.
0:51:08.051,0:51:10.025
I grabbed a bunch of photos from Flickr,
0:51:10.025,0:51:14.041
my colleague Ian Sullivan took that awesome picture of the FreedomBox.
0:51:14.041,0:51:17.023
And that's how you reach me.
0:51:18.099,0:51:31.030
APPLAUSE
0:51:39.003,0:51:44.078
Thanks James, please sit down.
0:51:44.078,0:51:49.010
We are up for questions from the audience for James.
0:51:49.010,0:52:03.052
Please raise your hand if you have any questions about the FreedomBox.
0:52:03.052,0:52:05.075
Hello, thanks that was a very interesting presentation.
0:52:05.075,0:52:06.065
Thank you.
0:52:06.065,0:52:10.049
Your boss Eben Moglen, he has given a speech at a committee of the US congress
0:52:10.049,0:52:13.048
I believe, which has received a lot of attention
0:52:13.048,0:52:18.057
and in Iran during the green movement the US state department
0:52:18.057,0:52:24.007
I believe has told Twitter to reschedule maintainence so that
0:52:24.007,0:52:29.015
the opposition could keep using Twitter during the attempted revolution
0:52:29.015,0:52:33.003
and Hilary Clinton has given a very popular speech about
0:52:33.003,0:52:36.091
how America would support the promotion of internet freedom
0:52:36.091,0:52:40.079
and I think things such as the New America Foundation are
0:52:40.079,0:52:46.041
funding and supporting projects such as the Commotion mesh networking project
0:52:46.041,0:52:49.022
that we've already heard about before.
0:52:49.022,0:52:52.063
So in other words there's a link between politics and technology sometimes,
0:52:52.063,0:52:57.086
and in the past I believe certain influential Americans such
0:52:57.086,0:53:03.096
Rupert Murdoch or George W. Bush have viewed modern communication technologies as a way to
0:53:03.096,0:53:09.005
promote U.S. foreign policy and to spread democracy and freedom in the world.
0:53:09.005,0:53:14.013
So my question is, what is your relationship with your government?
0:53:14.013,0:53:16.008
That's a really good question.
0:53:16.008,0:53:21.033
So one of the things that we sort of figured out from the beginning was that
0:53:21.033,0:53:25.076
if we had close relationships with the U.S. government,
0:53:25.076,0:53:29.078
people outside of the U.S. might have difficulty trusting us,
0:53:29.078,0:53:34.054
because nobody wants to tell all their secrets to the American government.
0:53:34.054,0:53:42.067
So we were thinking about what that really looks like in the context of a box that could be used globally.
0:53:42.067,0:53:48.064
We are working very hard to engineer a device that does not require you to trust us.
0:53:48.064,0:53:50.056
I'm not asking for your trust.
0:53:50.056,0:53:55.005
I'm not asking for your trust, I'm asking for your help.
0:53:55.005,0:53:59.009
All the code we write you'll be able to see it, you'll be able to
0:53:59.009,0:54:02.008
audit it, you'll be able to make your own decisions about what it does,
0:54:02.008,0:54:05.038
you'll be able to test it if it trustworthy or not,
0:54:05.038,0:54:10.088
and if you decide that it is not, you can tell everyone,
0:54:10.088,0:54:11.093
and they won't use it.
0:54:11.093,0:54:16.080
So from a trust perspective, it doesn't matter what our relationship is with anybody.
0:54:16.080,0:54:18.043
So that's the first thing.
0:54:18.043,0:54:23.079
The second thing is that right now we don't have much of a relationship with the U.S. government.
0:54:23.079,0:54:33.045
Jacob Applebaum is somewhat famous for his work with Julian Assange on Wikileaks,
0:54:33.045,0:54:36.056
and his work on Tor, and security in general,
0:54:36.056,0:54:39.072
his efforts to provide you with freedom and privacy.
0:54:39.072,0:54:45.085
He is a guy who was recently revealed in the Wall Street Journal that the U.S. government has been spying
0:54:45.085,0:54:51.054
on. And he is on our team, he's on our technical advisory committee.
0:54:51.054,0:54:56.002
He's one of the people we go to for help when we need to understand security on the box.
0:54:56.002,0:55:02.069
So right now our position with the American government is that we're not really related except in
0:55:02.069,0:55:05.066
so much that we are a bunch of people who really care about these issues,
0:55:05.066,0:55:12.076
which maybe occasionally makes us targets. Which gives us a reason to use a box like this.
0:55:12.076,0:55:21.026
Coupled with that, there is a program in America - you were talking about Hilary Clinton saying
0:55:21.026,0:55:26.002
she was going to encourage technologies that will spread democracy.
0:55:26.002,0:55:30.020
So the way America encourages things is by spending money on it.
0:55:30.020,0:55:34.068
That's our typical way to support programs. We fund different things.
0:55:34.068,0:55:40.067
We don't generally have feel-good campaigns, we just pay people to make good work, or try to.
0:55:40.067,0:55:46.092
So the U.S. state department has a program to provide funding for projects like the FreedomBox.
0:55:46.092,0:55:48.052
We have not applied for that funding.
0:55:48.052,0:55:50.019
I don't know if we will.
0:55:50.019,0:55:56.014
However I do know that they have given funding to some very good and genuine projects that are
0:55:56.014,0:56:00.027
run by people I trust, so I try not to be cynical about that.
0:56:00.027,0:56:06.052
I imagine at some point that through a direct grant or a sub-grant or something,
0:56:06.052,0:56:11.014
some state department money might support some aspect of work that is related to us.
0:56:11.014,0:56:15.001
I mean, we might take work from a project that is state department funded,
0:56:15.001,0:56:17.085
just because it's quick work.
0:56:17.085,0:56:20.084
Have I answered your question?
0:56:20.084,0:56:21.070
Yes, thanks.
0:56:32.020,0:56:37.063
Hi, well you always have tension if you talk about privacy
0:56:37.063,0:56:41.007
since 9/11 you know, I heard this in America very often,
0:56:41.007,0:56:44.018
"we have to be careful", every body is suspicious and stuff.
0:56:44.018,0:56:48.015
So how do you react when people like the government say well,
0:56:48.015,0:56:55.044
you are creating a way to support terrorism, whatever.
0:56:55.044,0:57:00.023
That's a good question, and it's a common question.
0:57:00.023,0:57:04.071
Frankly every time I do this talk, it's one of the first questions that come up.
0:57:04.071,0:57:06.094
The answer is really simple.
0:57:06.094,0:57:11.074
The fact is, this box doesn't create any new privacy technology.
0:57:11.074,0:57:15.013
It just makes it easier to use and easier to access.
0:57:15.013,0:57:21.042
People who are committed to terrorism or criminal activity, they have sufficient motivation that they
0:57:21.042,0:57:23.061
can use the technology that exists. Terrorists are already using PGP.
0:57:23.061,0:57:27.016
They're already using Tor.
0:57:27.016,0:57:30.025
They're already using stuff to hide their data.
0:57:30.025,0:57:33.034
At best we are helping stupid terrorists.
0:57:33.034,0:57:35.071
LAUGHTER
0:57:35.071,0:57:42.086
Granted, I'm not excited about that, but I don't that's a sufficient reason to deny common people
0:57:42.086,0:57:44.051
access to these technologies.
0:57:44.051,0:57:49.013
And more importantly than the fact that terrorists and criminals have access to this technology,
0:57:49.013,0:57:52.040
governments have access to this technology.
0:57:52.040,0:57:54.065
The largest corporations have access to this technology.
0:57:54.065,0:58:00.078
Every bank, the same encryption methods that we are using is the stuff that protects trillions of dollars
0:58:00.078,0:58:05.010
in value that banks trade every day.
0:58:05.010,0:58:12.058
This is technology that is currently being used by everyone except us.
0:58:12.058,0:58:15.011
All we're doing is levelling the playing field.
0:58:15.011,0:58:22.024
The same technology that hides data from us, that causes a complete lack of transparency in a downward
0:58:22.024,0:58:27.090
direction, we can have to level the playing field a little bit.
0:58:27.090,0:58:39.072
More questions?
0:58:39.072,0:58:43.088
Thank you for your presentation.
0:58:43.088,0:58:51.033
Could we add to challenges, maybe we could produce it in a non-communist dictatorship?
0:58:51.033,0:58:54.033
Because I saw the label "Made in China", so I think it is just
0:58:54.033,0:59:00.092
paradox to produce something like the FreedomBox in this country, and I would also like to be independent
0:59:00.092,0:59:07.017
from producing in China. So that's just something for a challenge I think.
0:59:07.017,0:59:10.061
That's a really good question and important point.
0:59:10.061,0:59:16.022
So, we're not a hardware project. Hardware is really really hard to do right and do well.
0:59:16.022,0:59:19.034
We have some hardware hackers on our project.
0:59:19.034,0:59:25.026
Our tech lead Bdale Garbee does amazing work with satellites and model rockets and altimeters,
0:59:25.026,0:59:28.083
and he's brilliant. But this is not a hardware project.
0:59:28.083,0:59:31.097
All we can do is use hardware that already exists.
0:59:31.097,0:59:37.063
When the world makes hardware in places other than China, we will use that hardware.
0:59:37.063,0:59:41.009
Right now, we don't have a lot of options.
0:59:41.009,0:59:46.062
And we're not going to deny everybody privacy because we don't have a lot of hardware options.
0:59:46.062,0:59:48.011
When we have those options we'll take them.
0:59:48.011,0:59:51.094
In the meantime, if you are a person who really cares about this issue,
0:59:51.094,0:59:55.065
don't buy a FreedomBox.
0:59:55.065,0:59:58.095
Take the software, go find a computer that isn't made in China,
0:59:58.095,1:00:02.022
LAUGHTER
1:00:02.022,1:00:05.001
and go put the software on that box.
1:00:05.001,1:00:11.074
If you want a solution that is run on computers that don't exist, I can't help you with that.
1:00:11.074,1:00:15.095
If you want a solution that runs, I might be able to help you with that.
1:00:15.095,1:00:20.026
But yes, I agree that that is a real issue, and we are thinking about that.
1:00:20.026,1:00:25.047
We believe that there is an open hardware project story here.
1:00:25.047,1:00:28.088
And one thing we've been doing is working with the manufacturer of the box,
1:00:28.088,1:00:32.094
to get the code free, to make sure we know what's in it,
1:00:32.094,1:00:35.031
so that there are no binary blobs in the box,
1:00:35.031,1:00:38.014
so we have some assurances that we actually do have freedom.
1:00:38.014,1:00:45.067
At some point though, we do believe that somebody will solve the open hardware problem for us.
1:00:45.067,1:00:50.054
We're not going to be the hardware project, but there are people trying to do this in an open way.
1:00:50.054,1:00:54.042
RaspberryPi for example. They're not quite right for our use-case, but those kinds of projects
1:00:54.042,1:00:58.058
are starting to exist, and they're starting to be really good.
1:00:58.058,1:01:01.041
In a few years, maybe that will be the thing we move onto.
1:01:01.041,1:01:09.093
Now, I'm guessing that even an open hardware project like RaspberryPi does their manufacturing in
1:01:09.093,1:01:14.086
a place like China. And that's a big problem.
1:01:14.086,1:01:19.048
When the world is ready with a solution to that, we will be ready to accept that solution and adopt it
1:01:19.048,1:01:22.061
of course.
1:01:22.061,1:01:30.053
Any more questions for James? or statements?
1:01:33.005,1:01:37.001
This is more of a statement than a question I guess,
1:01:37.001,1:01:42.097
but should the FreedomBox start being made in China there will be a lot more of them coming out of
1:01:42.097,1:01:46.025
the back door and enabling privacy for people that don't get
1:01:46.025,1:01:51.091
it, but also as soon as it starts getting manufactured I'd imagine you may,
1:01:51.091,1:01:54.091
because you're not in it for the money as you told me last night,
1:01:54.091,1:01:59.055
you may be looking forward to how easy it will be to copy,
1:01:59.055,1:02:05.098
and with things like MakerBot, making a case, making a bot is easy,
1:02:05.098,1:02:08.082
you can do it in your bedroom now with 3D printers.
1:02:08.082,1:02:15.099
So there will be a bag of components, a board, made by some online place that is really into this,
1:02:15.099,1:02:18.022
and you can assemble these at home.
1:02:18.022,1:02:22.098
So you've just got to get it out there first I think, and lead the way.
1:02:22.098,1:02:29.062
Yeah, I think that's quite right in that we are not the only place to get a box like this.
1:02:29.062,1:02:34.055
I mean, we're putting it on a specific box to make it easy, but there will be lots of places that make
1:02:34.055,1:02:40.065
boxes, and hopefully there will be places where working conditions are acceptable to everybody.
1:02:40.065,1:02:43.093
And at that point you can make your own boxes,
1:02:43.093,1:02:44.043
you can put them on any box you can find.
1:02:44.043,1:02:46.013
The point of Free Software is not to lock you into a service,
1:02:46.013,1:02:53.019
a technology, a software, a structure or a box.
1:02:53.019,1:02:53.069
We're not going to lock you into anything, that's one thing we're extremely clear about.
1:02:53.069,1:03:00.092
If you manage to make a box like this at home, I would really love to hear about it.
1:03:00.092,1:03:06.045
If you can spin up a MakerBot to make a case,
1:03:06.045,1:03:08.093
and you have a friend who can etch boards,
1:03:08.093,1:03:10.056
and you make a box like this at home,
1:03:10.056,1:03:14.014
that would be big news and a lot of people would want to know about it.
1:03:14.014,1:03:22.066
More statements or questions? Yes...
1:03:22.066,1:03:31.046
So, if you lose your box and get a new one, how is it going to reauthenticate to the boxes of your friends?
1:03:31.046,1:03:34.029
I think I didn't get that one.
1:03:34.029,1:03:39.038
Yeah, so, the good thing about friends is that they don't actually know you by your PGP key.
1:03:39.038,1:03:48.025
Sorry, I didn't specify it, if you want a grand security and you want distribution to more than 12 friends,
1:03:48.025,1:03:54.000
so let's say a hundred, and they're like, all over the world.
1:03:54.000,1:03:59.053
You are probably going to reach them through the internet to get your key parts back,
1:03:59.053,1:04:05.017
and you are probably not going to be able to use the FreedomBox to get a new one because
1:04:05.017,1:04:06.047
it has to be authenticated.
1:04:06.047,1:04:09.031
So how do you do?
1:04:09.031,1:04:10.096
Well, you at that point...
1:04:10.096,1:04:14.053
if you don't have a FreedomBox, the FreedomBox can't provide you with a solution to that problem.
1:04:14.053,1:04:16.081
What you're going to have to do,
1:04:16.081,1:04:19.001
is perhaps call your friends.
1:04:19.001,1:04:20.099
Have a conversation with them,
1:04:20.099,1:04:23.049
convince them that you are the person you say you are.
1:04:23.049,1:04:27.040
Reference your shared experiences, maybe they know your voice,
1:04:27.040,1:04:33.050
maybe they just know who you are by the way that you act and the way that you talk.
1:04:33.050,1:04:37.005
There's not going to be any one way that we get our keys back.
1:04:37.005,1:04:41.007
If you lose your key, yeah, we're not saying that's never going to be a problem.
1:04:41.007,1:04:43.090
And I wouldn't recommend splitting your key up among a hundred people,
1:04:43.090,1:04:48.053
because that's a lot of people to ask for your key back.
1:04:48.053,1:04:53.056
The mechanism I have in mind is not that you get a little bit of your key from
1:04:53.056,1:04:56.042
everyone you know, it's that you spread out the key among
1:04:56.042,1:05:00.000
a lot of people, and you need a certain number of those people.
1:05:00.000,1:05:02.069
So maybe it's five of seven of your friends.
1:05:02.069,1:05:06.073
So you give seven people the key, but any five of them could give you a whole key.
1:05:06.073,1:05:09.073
So in case you can't reach somebody you can still manage to do it.
1:05:09.073,1:05:12.088
And we can make that access control as fine-grained as we want,
1:05:12.088,1:05:15.086
but a hundred would be overwhelming.
1:05:15.086,1:05:20.050
We wouldn't do that. Sure, you could do it if you wanted,
1:05:20.050,1:05:23.047
but I don't think you'll have a hundred friends you could trust that much.
1:05:23.047,1:05:26.075
Maybe you do, I don't.
1:05:26.075,1:05:33.087
More questions, statements?
1:05:33.087,1:05:39.049
Yes?
1:05:39.049,1:05:47.025
Erm, it's just a wish... but have you thought about the idea of using the FreedomBox to create
1:05:47.025,1:05:51.089
a community where you can exchange not only data but like
1:05:51.089,1:05:58.076
products or services, so that would maybe like, change the system?
1:05:58.076,1:06:04.073
One of the things we want to do with the FreedomBox is
1:06:04.073,1:06:10.038
create a thing that looks a lot like your current social networking,
1:06:10.038,1:06:12.091
minus the advertising and the spying.
1:06:12.091,1:06:16.041
A way to talk to all your friends at once.
1:06:16.041,1:06:20.029
Once you have a place, a platform, where you can communicate
1:06:20.029,1:06:23.012
with your friends, you can build on that platform
1:06:23.012,1:06:25.005
and you can create structures like that.
1:06:25.005,1:06:29.007
If we make a thing that has programmable interfaces, so
1:06:29.007,1:06:32.067
you can make apps for it, you can make an app like that,
1:06:32.067,1:06:34.043
if that's important to you.
1:06:34.043,1:06:38.017
What people do with the communication once they have it,
1:06:38.017,1:06:40.040
we don't have any opinions about.
1:06:40.040,1:06:43.023
We want them to do everything that's important to them.
1:06:43.023,1:06:45.092
And I think something like that could be important,
1:06:45.092,1:07:03.041
and yeah, that would be amazing if that were to emerge.
1:07:03.041,1:07:08.033
Some things I believe are easier to do in a centralized architecture than a decentralized one,
1:07:08.033,1:07:12.081
for example search, or services that require a lot of bandwidth.
1:07:12.081,1:07:16.009
I don't see how you can run something like YouTube on the FreedomBox.
1:07:16.009,1:07:18.046
So is your utopian vision one where everything is decentralized,
1:07:18.046,1:07:23.091
or is it ok to have some centralized pieces in a future network?
1:07:23.091,1:07:28.084
Look, if you're going to grant me my utopia then of course everything is decentralized.
1:07:28.084,1:07:31.081
But we don't live in a utopia, I don't have magic.
1:07:31.081,1:07:38.054
We actually have in our flowchart a box labeled "magic routing",
1:07:38.054,1:07:41.021
because routing is hard to do in a decentralized way...
1:07:41.021,1:07:44.004
You need someone to tell you where the IPs are.
1:07:44.004,1:07:47.034
And that's hard to do in a decentralized way.
1:07:47.034,1:07:52.010
We haven't solved it, and we don't think we're going to fully solve it.
1:07:52.010,1:07:54.073
We hope someone else solves it first of all.
1:07:54.073,1:07:56.084
But second of all, we don't know where the compromises are.
1:07:56.084,1:07:59.021
Some things are not possible to decentralize.
1:07:59.021,1:08:01.085
We're going to decentralize as much as we can,
1:08:01.085,1:08:04.022
but we're not committing to doing anything impossible.
1:08:04.022,1:08:06.015
If you can't run YouTube off this box,
1:08:06.015,1:08:08.040
which I disagree with by the way,
1:08:08.040,1:08:10.000
then you won't, because it's impossible.
1:08:10.000,1:08:12.026
If you want to run YouTube on this box you turn all your
1:08:12.026,1:08:14.049
friends into your content delivery network,
1:08:14.049,1:08:16.074
and all your friends parallelize the distribution of the box,
1:08:16.074,1:08:18.036
you share the bandwidth.
1:08:18.036,1:08:20.062
It's ad-hoc, BitTorrent-like functionality.
1:08:20.062,1:08:24.022
Yes, that technology doesn't exist yet, I just made all that up,
1:08:24.022,1:08:27.019
but we can do it.
1:08:27.019,1:08:32.055
The parts that are hard though, the things like the routing,
1:08:32.055,1:08:35.006
there will be real compromises.
1:08:35.006,1:08:36.040
There will be real trade-offs.
1:08:36.040,1:08:39.098
There will be places where we'll say, you know what, we have
1:08:39.098,1:08:41.061
to rely on the DNS system.
1:08:41.061,1:08:44.095
Everybody in this room knows that the DNS system has some
1:08:44.095,1:08:48.009
security problems, some architectural problems that make it
1:08:48.009,1:08:51.068
a thing we would ideally not have to rely on.
1:08:51.068,1:08:55.086
But you know what? This project is not going to be able to replace DNS.
1:08:55.086,1:08:59.030
There are plenty of alternate DNS proposals out there, but we are not going to
1:08:59.030,1:09:02.057
just chuck the old DNS system, because we want people
1:09:02.057,1:09:05.055
to be able to get to the box, even if they don't have a box.
1:09:05.055,1:09:09.028
We want you to be able to serve services to the public.
1:09:09.028,1:09:13.091
We are going to use a lot of structures that are less than ideal.
1:09:13.091,1:09:16.030
We're assuming that TCP/IP is there...
1:09:16.030,1:09:19.041
in the normal use case you're using the internet backbone
1:09:19.041,1:09:22.066
to do your communication.
1:09:22.066,1:09:25.063
The mesh routing story we talked about is not how you do
1:09:25.063,1:09:30.048
your normal use. That's an emergency mode if there's a crisis, a political instability, a tsunami,
1:09:30.048,1:09:35.010
if you can't get to your regular internet because it has failed you in some way because
1:09:35.010,1:09:38.022
it has become oppressive or inaccessible.
1:09:38.022,1:09:40.061
Then you would use something like the mesh network.
1:09:40.061,1:09:44.005
But in the normal course of business, you are using
1:09:44.005,1:09:47.032
a thing that is less than ideal, and that's a trade-off.
1:09:47.032,1:09:49.052
We can't as a project protect you from everything.
1:09:49.052,1:09:51.031
We are going to look for the places where we can make
1:09:51.031,1:09:54.047
effective protection. We are going to try and make it clear
1:09:54.047,1:09:57.075
the limits of that protection. And we're going to give you
1:09:57.075,1:09:59.009
everything we can.
1:09:59.009,1:10:05.038
And then, as we move forward, when opportunities to solve new problems present themselves,
1:10:05.038,1:10:08.050
we'll take them.
1:10:08.050,1:10:16.030
Well I have to add before when we had the talk, unfortunately German you couldn't
1:10:16.030,1:10:19.027
understand a lot.
1:10:19.027,1:10:22.057
I didn't understand it but I could tell that it was occurring at a very high level of technical competence
1:10:22.057,1:10:25.072
and that there was a lot of good information there.
1:10:25.072,1:10:28.070
And I'm really hoping that you'll take the video of it and put it up on universalsubtitles.org, or some
1:10:28.070,1:10:33.018
other service where people can subtitle it. And hopefully there'll be an English version and I'll get
1:10:33.018,1:10:35.087
to see it. I think there was a lot of really good information in there.
1:10:35.087,1:10:38.026
What's universalsubtitles.org?
1:10:38.026,1:10:46.034
Universalsubtitles.org is a great website. It's kind of like, you put a video up, and anyone can
1:10:46.034,1:10:49.002
add subtitles to as much or as little as they want.
1:10:49.002,1:10:53.077
And then other people can change the subtitles, and you can do it in as many languages as you want.
1:10:53.077,1:10:59.021
So you don't have to ask someone for a favour, "hey, will you subtitle my video?"
1:10:59.021,1:11:03.006
that's 20 minutes long or an hour long. You tell a community of people "we need help subtitling",
1:11:03.006,1:11:08.054
and everyone goes and subtitles 3 minutes in their favourite languages.
1:11:08.054,1:11:15.042
It's a very effective way to crowdsouce subtitling, and it's a very effective way to just share information.
1:11:15.042,1:11:20.094
We have a lot of videos with good information that are locked into languages that not everyone speaks.
1:11:20.094,1:11:22.071
So this is a way to get around that.
1:11:22.071,1:11:25.042
As FreedomBox, we use that project.
1:11:25.042,1:11:28.009
And I believe, if I'm not mistaken, I haven't looked in a while,
1:11:28.009,1:11:33.002
that it's all Free software that they are using. So you can download it and start your own if you want.
1:11:33.002,1:11:41.075
So back to my previous question - in the talk in the afternoon we heard about mesh networking
1:11:41.075,1:11:44.086
we talked about that, and it's actually not just being used in
1:11:44.086,1:11:46.081
emergency situations but people are really using it.
1:11:46.081,1:11:52.085
And especially, the philosophy that everyone becomes part of the net as not just a consumer
1:11:52.085,1:11:58.063
but providing part of the net, it certainly is like that that they
1:11:58.063,1:12:01.018
can share data among each other, they don't necessarily need
1:12:01.018,1:12:03.041
to go into the internet.
1:12:03.041,1:12:07.015
So, I would imagine the FreedomBox, with mesh networking,
1:12:07.015,1:12:10.059
we could essentially create a large network of many many
1:12:10.059,1:12:12.037
people using it.
1:12:12.037,1:12:17.046
We also talked about the mesh networking like FunkFeuer in Graz or Vienna
1:12:17.046,1:12:21.015
but it would be interesting to get them on mobile devices,
1:12:21.015,1:12:23.026
so that you could walk through the street,
1:12:23.026,1:12:30.037
theoretically people have these devices, and you could walk
1:12:30.037,1:12:32.002
through and it would automatically mesh and connect you.
1:12:32.002,1:12:37.082
So FreedomBox if applied to that, you told me this interesting example, you could screw them to
1:12:37.082,1:12:41.065
light posts on the street, so maybe elaborate on that,
1:12:41.065,1:12:44.049
maybe it could have an effect and give a lot of coverage.
1:12:44.049,1:12:48.097
The reason why we currently envision mesh,
1:12:48.097,1:12:50.062
and no decisions have been made, right,
1:12:50.062,1:12:54.019
but just in the way we think about it when we talk to each other,
1:12:54.019,1:12:58.021
and the reason why we think mesh networking is not your daily
1:12:58.021,1:13:03.030
mode of use is that the performance degradation is not acceptable to most end-users.
1:13:03.030,1:13:06.029
If mesh networking reaches the point where it is acceptable
1:13:06.029,1:13:09.073
if you're in a place where there's enough nodes, and you
1:13:09.073,1:13:13.002
have a density that you can move around then sure, that
1:13:13.002,1:13:15.083
can make a lot of sense. But for a lot of people who
1:13:15.083,1:13:19.025
exist as a person not near a lot of FreedomBoxes, they're
1:13:19.025,1:13:21.066
going to need the regular internet.
1:13:21.066,1:13:26.010
So yeah, we think mesh will be great where you have that
1:13:26.010,1:13:29.009
density, when the mesh technology is mature.
1:13:29.009,1:13:33.083
When that happens, we could have the most easy access
1:13:33.083,1:13:38.045
to municipal wifi by using the power in all the street
1:13:38.045,1:13:43.037
lights. Put a FreedomBox up in the top of every street lamp.
1:13:43.037,1:13:47.085
Unscrew the light bulb, screw in the FreedomBox, and screw the light bulb back on top.
1:13:47.085,1:13:51.013
So you still get light, we're not going to plunge you into darkness.
1:13:51.013,1:13:56.035
You still get light, but then you have a mesh node. Right there.
1:13:56.035,1:14:00.069
And you could do every 3rd or 4th street light down town, and you could cover
1:14:00.069,1:14:02.078
an area rather effectively.
1:14:02.078,1:14:07.010
It is a way to get simple municipal wifi without running
1:14:07.010,1:14:10.022
any fibre. And every time you have fibre you can link to it.
1:14:10.022,1:14:13.079
Like any time you're near fibre you can link to it and you'll
1:14:13.079,1:14:18.085
get your information out of that little mesh and into the regular network.
1:14:18.085,1:14:23.094
We could have municipal wifi with much lower infrastructure costs than most people currently think of
1:14:23.094,1:14:28.086
when they think of municipal wifi. And we can do it through mesh nodes.
1:14:28.086,1:14:33.095
And if we did it through mesh nodes we would be providing that service not only to people who have
1:14:33.095,1:14:38.057
FreedomBoxes, that just looks like wifi, it just looks like a regular connection.
1:14:38.057,1:14:45.058
You might need to do some fancy hopping, but it's not...
1:14:45.058,1:14:51.011
the mesh boxes themselves will do the fancy hopping, your phone itself won't have to do it.
1:14:51.011,1:14:54.008
While we are talking about phones,
1:14:54.008,1:14:59.000
I want to say that I'm not sure how phones fit into the FreedomBox.
1:14:59.000,1:15:02.041
I'm pretty sure there is a way that phones fit into FreedomBoxes,
1:15:02.041,1:15:05.085
but you can't trust your phone.
1:15:05.085,1:15:09.045
With the so-called smartphones it's not a phone actually but a little computer, no?
1:15:09.045,1:15:12.044
Yes, your phone, a smartphone is a little computer but
1:15:12.044,1:15:16.046
it's not a computer that you can trust, because
1:15:16.046,1:15:20.062
even if you replace the software on your phone,
1:15:20.062,1:15:26.089
with Free software, it's almost impossible to actually replace all the binary drivers,
1:15:26.089,1:15:29.072
it's almost impossible to go all the way down to the metal.
1:15:29.072,1:15:31.081
It's very hard to get a phone that is completely trustworthy
1:15:31.081,1:15:35.008
all the way down to the bottom of the stack.
1:15:35.008,1:15:37.020
So that's a problem we haven't quite figured out how to solve.
1:15:37.020,1:15:42.038
And pretty soon it's going to be impossible to put Free software on phones.
1:15:42.038,1:15:47.069
The days of jailbreaking your iPhone and rooting your Android phone might
1:15:47.069,1:15:55.001
very well come to an end. There is a proposal right now called UEFI.
1:15:55.001,1:16:01.002
It's a standard. We currently use EFI, this would be UEFI.
1:16:01.002,1:16:03.053
I don't know what it stands for, it's a new thing.
1:16:03.053,1:16:08.024
And what this proposal is, is that before your computer,
1:16:08.024,1:16:14.030
before the BIOS will load a bootloader on your computer
1:16:14.030,1:16:17.085
that BIOS has to authenticate, sorry, that bootloader has
1:16:17.085,1:16:20.011
to authenticate to the BIOS. It has to be signed by someone
1:16:20.011,1:16:23.010
the BIOS trusts, someone the BIOS manufacturer trusts.
1:16:23.010,1:16:25.077
And the person who puts the BIOS in your phone can decide who it trusts,
1:16:25.077,1:16:29.049
and they can decide they don't trust anyone except themselves.
1:16:29.049,1:16:36.062
If Apple sells you an iPhone with a BIOS that requires a
1:16:36.062,1:16:39.073
signed operating system, it might be very hard for you to
1:16:39.073,1:16:43.017
get another version of the operating system on there.
1:16:43.017,1:16:49.099
The proposals for this stuff are really in the realm of laptops and computers, that's where it's starting,
1:16:49.099,1:16:53.015
but believe me, technology spreads.
1:16:53.015,1:16:58.098
And if you want to be able to put Linux on a computer that you buy, on a laptop you buy,
1:16:58.098,1:17:03.046
very soon you might have a very difficult time doing that.
1:17:03.046,1:17:05.025
The standard is there, the companies paying attention to it
1:17:05.025,1:17:08.038
are not paying attention to it for our purposes.
1:17:08.038,1:17:12.056
They want to make sure that they can control what is on your computer.
1:17:12.056,1:17:17.060
So this is, you know, another political fight that we're going to engage in,
1:17:17.060,1:17:20.013
not the FreedomBox, but the community.
1:17:20.013,1:17:25.052
We're going to have to have this fight. UEFI. Look it up.
1:17:25.052,1:17:32.053
Start thinking about it. This is going to be a big piece of the puzzle for freedom in computing over
1:17:32.053,1:17:34.018
the next few years.
1:17:34.018,1:17:38.094
We're going to have some problems and we're going to have to find some solutions.
1:17:38.094,1:17:44.075
But wouldn't such an initiative, wouldn't that create a good market for companies who actually
1:17:44.075,1:17:49.060
would supply Linux on such devices, on the phone and on the laptop market.
1:17:49.060,1:17:53.015
I'm sure there are companies supplying that.
1:17:53.015,1:17:54.066
Absolutely.
1:17:54.066,1:17:58.021
And if the market in freedom were good enough to support
1:17:58.021,1:18:02.069
large-scale manufacturing and all that other stuff then we might get that.
1:18:02.069,1:18:05.032
And we might get that anyway.
1:18:05.032,1:18:07.013
I mean, the standard will include as many keys as you want,
1:18:07.013,1:18:08.064
so we might get the freedom.
1:18:08.064,1:18:12.065
But the manufacturers will have a really convenient way to turn the freedom off.
1:18:12.065,1:18:16.069
I think there will be a lot of boxes where you will have freedom.
1:18:16.069,1:18:21.062
But there will also be a lot where right now we think we can get Free software onto it,
1:18:21.062,1:18:24.001
where we won't be able to anymore.
1:18:24.001,1:18:25.096
It's going to be a narrowing of the market.
1:18:25.096,1:18:28.093
I don't think our freedom is going to completely disappear from devices.
1:18:28.093,1:18:33.011
But a lot of devices, if you buy the device without thinking about freedom, assuming you can have it,
1:18:33.011,1:18:37.057
you might get it home and discover that you can't.
1:18:37.057,1:18:45.026
Ok, we want to give the floor again to the audience for more questions or statements.
1:18:45.026,1:18:52.008
Ok, there in the back, one more.
1:18:52.008,1:18:54.078
Yeah, one more time, so...
1:18:54.078,1:19:01.049
Nowadays, where you can hardly really save your PC, laptop, whatever, against malware...
1:19:01.049,1:19:16.028
Isn't it really, a red carpet for hackers to, if you have social networks and circles of friends,
1:19:16.028,1:19:21.092
one gets some malware on his PC, mobile device, whatever,
1:19:21.092,1:19:26.068
has a FreedomBox, authenticates to his friends, the state is secure
1:19:26.068,1:19:32.046
wouldn't that open doors?
1:19:32.046,1:19:37.020
Sure, well, the human error is not one we can control for.
1:19:37.020,1:19:45.012
But someone who has a key that you trust is not necessarily someone who you let run arbitrary code
1:19:45.012,1:19:48.007
on your FreedomBox.
1:19:48.007,1:19:52.071
You might trust them to the point of having message passing with them, and trusting who they are
1:19:52.071,1:19:56.024
and what they say, but you don't necessarily trust the technology that they have and the
1:19:56.024,1:19:58.096
code that they have to be free of malware.
1:19:58.096,1:20:00.086
You'll still have to do all the things you currently do.
1:20:00.086,1:20:04.013
Right now if somebody sends you a file, it could have malware in it.
1:20:04.013,1:20:08.001
We're not making that easier, or better, or more likely to happen.
1:20:08.001,1:20:15.000
I think what we are doing is completely orthogonal to that problem.
1:20:15.000,1:20:19.044
At the same time, if we were to have email services on the box,
1:20:19.044,1:20:23.015
and you know we're not quite sure what the email story of a box like this looks like,
1:20:23.015,1:20:26.073
we probably would want to include some sort of virus scanning or spam catching,
1:20:26.073,1:20:31.074
all the usual filtering tools to give you whatever measure of protection might currently exist.
1:20:31.074,1:20:35.004
But the fact someone has a key and you know who they are
1:20:35.004,1:20:39.008
I don't think that will ever be the security hole.
1:20:39.008,1:20:42.022
Or at least we really hope we can make it so it's not.
1:20:42.022,1:20:48.093
If we fail in that then we've missed a trick.
1:20:48.093,1:20:53.068
Ok, any more statements or questions?
1:20:53.068,1:20:56.096
Ok, so, James, my last question would be...
1:20:56.096,1:20:59.023
You can actually buy the box right now?
1:20:59.023,1:21:00.042
Yes.
1:21:00.042,1:21:01.060
From a company?
1:21:01.060,1:21:02.095
Yes.
1:21:02.095,1:21:05.094
Maybe you can supply that information. But the software is being developed?
1:21:05.094,1:21:07.029
Yes.
1:21:07.029,1:21:11.089
Can you give an estimation about the timeline of your project, or the next milestones?
1:21:11.089,1:21:13.010
Sure.
1:21:13.010,1:21:16.095
So, the boxes are manufactures by a company called Globalscale,
1:21:16.095,1:21:18.058
they're about $140 US dollars.
1:21:18.058,1:21:24.022
There is a slightly older model called the SheevaPlug that is about $90.
1:21:24.022,1:21:28.010
It does just pretty much everything the Dreamplug does.
1:21:28.010,1:21:31.081
It has some heat sinking issues, but it's a pretty good box as well,
1:21:31.081,1:21:38.096
so if the price point matters to you you can get last year's model and it'll serve you just fine.
1:21:38.096,1:21:43.001
The software, right now we have a bare Linux distribution.
1:21:43.001,1:21:45.084
We spent a lot of time getting the binary blobs out of the kernel
1:21:45.084,1:21:50.032
and making it installable onto this hardware target.
1:21:50.032,1:21:54.080
We have a Jabber server, Prosody, that we are modifying to suit our needs.
1:21:54.080,1:22:00.079
And that should be ready, time-frame, weeks.
1:22:00.079,1:22:03.074
Some short number of weeks.
1:22:03.074,1:22:09.064
The Privoxy server, the SSH forwarding, some short number of months.
1:22:09.064,1:22:16.086
But those are our roadmap for the short-term future, is Jabber, SSH forwarding, browser proxying.
1:22:16.086,1:22:22.078
We also are working on the interface, so we're going to have an interface that you can actually
1:22:22.078,1:22:24.073
control some of these services with.
1:22:24.073,1:22:28.017
And the first thing we're doing with that interface is probably allowing you to
1:22:28.017,1:22:30.084
configure this box as a wireless router.
1:22:30.084,1:22:35.062
So it can become your wireless access point if you want it to be.
1:22:35.062,1:22:38.018
And your gateway of course.
1:22:38.018,1:22:39.094
So user interface in one vertical,
1:22:39.094,1:22:44.014
SSH forwarding, browser proxying a little bit out there,
1:22:44.014,1:22:47.058
a little bit closer: Jabber, XMPP secure chat.
1:22:47.058,1:22:52.064
And once we have that stack, we believe that we're going to build upwards from XMPP towards
1:22:52.064,1:22:55.066
perhaps something like BuddyCloud.
1:22:55.066,1:22:58.077
We're seriously looking at BuddyCloud and seeing what problems it solves for us
1:22:58.077,1:23:05.057
in terms of actually letting users group themselves in ways that they can then do access control
1:23:05.057,1:23:08.069
and channels and things of that nature.
1:23:08.069,1:23:13.089
And are you actually in contact with the hardware company producing the servers?
1:23:13.089,1:23:19.041
Yeah, we've had a number of conversations with them.
1:23:19.041,1:23:22.008
They've agreed that when our code is ready this is something
1:23:22.008,1:23:24.050
they are very interested in distributing.
1:23:24.050,1:23:26.073
More importantly we've had a lot of conversations with
1:23:26.073,1:23:28.082
them about freedom.
1:23:28.082,1:23:31.021
About why we do what we do, they way we do.
1:23:31.021,1:23:35.041
And how they need to act if they want to distribute code for
1:23:35.041,1:23:37.048
us and work with our community.
1:23:37.048,1:23:39.015
And what that means is we're teaching them how to comply
1:23:39.015,1:23:41.082
with the GPL, and we're teaching them how to remove the binary drivers,
1:23:41.082,1:23:45.070
and in fact we're doing some of that for them.
1:23:45.070,1:23:47.049
But they're Chinese, right?
1:23:47.049,1:23:49.014
No. No, Globalscale is not a Chinese company.
1:23:49.014,1:23:53.062
Their manufacturing is in China, but they're not a Chinese company.
1:23:53.062,1:23:58.021
And we're also talking to Marvel. Marvel makes the system-on-a-chip that goes onto the boards
1:23:58.021,1:24:00.084
that Globalscale is integrating into their boxes.
1:24:00.084,1:24:05.090
But we're also talking to Marvel about what they can do to better serve the needs of our community.
1:24:05.090,1:24:13.001
So a large part of our efforts is to try to convince manufacturers to make
1:24:13.001,1:24:14.096
hardware that suits our needs.
1:24:14.096,1:24:16.088
This box is a thing that they developed, they invented,
1:24:16.088,1:24:18.053
before they ever met us, before they ever heard of us.
1:24:18.053,1:24:23.062
And if we can get them enough business,
1:24:23.062,1:24:27.035
if by making FreedomBoxes and by putting our software on the box,
1:24:27.035,1:24:30.077
that enables them to sell more boxes they will be very happy
1:24:30.077,1:24:34.048
and when they design the next generation,
1:24:34.048,1:24:39.041
not the next generation of the DreamPlug, but the next generation after whatever they're designing now,
1:24:39.041,1:24:41.061
so we're talking a couple of years from now.
1:24:41.061,1:24:44.070
We can say to them, look, you're selling a lot of boxes
1:24:44.070,1:24:48.072
because you're making a thing that serves the free world very well.
1:24:48.072,1:24:52.027
Remove the 8 inch audio jack because our people don't need it.
1:24:52.027,1:24:55.054
Add a second wifi radio. Put antenna ports on it.
1:24:55.054,1:25:00.028
This box can go from something that looks really good for our purpose to
1:25:00.028,1:25:02.037
being something that looks amazingly good for our purpose.
1:25:02.037,1:25:05.020
And that will require scale.
1:25:05.020,1:25:07.043
And what that means is that the FreedomBox becomes a wedge for
1:25:07.043,1:25:13.038
making better hardware for everyone.
1:25:13.038,1:25:16.033
But it's not just the FreedomBox. The Tor router project is
1:25:16.033,1:25:21.036
also focused on the DreamPlug. They've also decided this is a good box for their purpose.
1:25:21.036,1:25:26.024
If you are making a box that is kind of like a FreedomBox but isn't the FreedomBox because
1:25:26.024,1:25:30.070
it's more specialised to what you want it for, think about
1:25:30.070,1:25:35.090
the DreamPlug as a hardware target. And let us know,
1:25:35.090,1:25:38.059
so that when we go to the company, we can say look,
1:25:38.059,1:25:42.045
look at all the business you are getting by being people that serve the Free world.
1:25:42.045,1:25:52.013
And then, hopefully, we can convince them to make boxes that better serve the Free world.
1:25:52.013,1:25:55.043
And that's not a fantasy. We are having those conversations with them,
1:25:55.043,1:25:57.082
and they are very receptive.
1:25:57.082,1:26:00.017
So I am pretty happy about that aspect we do.
1:26:00.017,1:26:02.086
And my last question would be...
1:26:02.086,1:26:05.039
since we are now, everything is turning mobile,
1:26:05.039,1:26:07.018
it's like we have these computers with an extra phone...
1:26:07.018,1:26:08.064
the phone is a small application on these devices.
1:26:08.064,1:26:13.024
Is there any plan or any idea or any project to say like, have
1:26:13.024,1:26:18.025
a FreedomPhone or Free mobile device?
1:26:18.025,1:26:23.001
So the way you connect to this box is kind of how you connect to your router,
1:26:23.001,1:26:24.064
port 80, browser.
1:26:24.064,1:26:28.054
But another way you could do it would be an app on your cellphone that bluetooths to the box.
1:26:28.054,1:26:33.060
I don't actually think the box has bluetooth, but you know,
1:26:33.060,1:26:36.032
an app on your cellphone that talks to the box over the network, say.
1:26:36.032,1:26:38.022
That's possible, we're thinking about that.
1:26:38.022,1:26:41.022
We're thinking about what that looks like for the large population
1:26:41.022,1:26:43.056
that exists out there that doesn't have computers.
1:26:43.056,1:26:46.084
There's an awful lot of people that only have cellphones, they don't have computers.
1:26:46.084,1:26:49.009
And we want them to have freedom too.
1:26:49.009,1:26:50.088
So figuring out how we can use a cellphone to talk to the box is a future problem.
1:26:50.088,1:26:51.076
We're not working on it right now, but we're certainly talking
1:26:51.076,1:26:57.029
about where it fits into the roadmap.
1:26:57.029,1:27:01.026
And that's why we are concerned about whether or not you
1:27:01.026,1:27:05.023
can trust your phone.
1:27:05.023,1:27:07.029
Because if you can trust your FreedomBox, but not the
1:27:07.029,1:27:09.066
thing you use to access it then you don't really have the privacy you think you have.
1:27:09.066,1:27:12.066
So, figuring out, can you trust your cellphone? Is a big part of the puzzle.
1:27:12.066,1:27:17.072
It's a big thing that we don't know how to do yet.
1:27:17.072,1:27:21.046
So let me make a little advertisement for another interesting project,
1:27:21.046,1:27:24.073
there is a Spanish development, I think it is also produced in China,
1:27:24.073,1:27:26.082
but it's called The Geek's Phone.
1:27:26.082,1:27:30.070
And they have a compatible Android installation by default,
1:27:30.070,1:27:34.014
and they are probably having a similar philosophy to keep the hardware open.
1:27:34.014,1:27:36.067
So maybe there is a new cooperation on the horizon.
1:27:36.067,1:27:40.094
Oh yeah, we love projects like that.
1:27:40.094,1:27:41.044
I don't know a lot about their project, but I have heard of it
1:27:41.044,1:27:44.005
and it is on my list of things to look into.
1:27:44.005,1:27:47.060
I would love to see that succeed, that would be excellent.
1:27:47.060,1:27:50.030
Well James, thank you for your presentation.
1:27:50.030,1:27:54.076
I think it was really interesting. And thank you for coming.
1:27:54.076,1:27:57.084
James will be back on this stage at 7pm when we have our final discussion on the 20 years of
1:27:57.084,1:28:03.049
the world wide web.
1:28:03.049,1:28:05.000
Thank you James for coming.
1:28:05.000,1:28:12.083
APPLAUSE